Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-12037
HistoryNov 20, 2018 - 7:29 p.m.

CVE-2018-12037

2018-11-2019:29:00
[email protected]
web.nvd.nist.gov
59
samsung
840 evo
850 evo
samsung t3
samsung t5
crucial
mx100
mx200
mx300
data encryption
vulnerability
firmware
ssd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in β€œATA high” mode, not vulnerable in β€œTCG” or β€œATA max” mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

Affected configurations

NVD
Node
samsung840_evo_firmwareMatch-
AND
samsung840_evoMatch-
Node
samsung850_evo_firmwareMatch-
AND
samsung850_evoMatch-
Node
samsungt3_firmwareMatch-
AND
samsungt3Match-
Node
samsungt5_firmwareMatch-
AND
samsungt5Match-
Node
microncrucial_mx100_firmwareMatch-
AND
microncrucial_mx100Match-
Node
microncrucial_mx200_firmwareMatch-
AND
microncrucial_mx200Match-
Node
microncrucial_mx300_firmwareMatch-
AND
microncrucial_mx300Match-

Related

nvd 1
prion 1
cvelist 1
threatpost 1
ibm 1
lenovo 2
cert 1
nvd
nvd
CVE-2018-12037
2018-11-20 19:29:00
prion
prion
Code injection
2018-11-20 19:29:00
cvelist
cvelist
CVE-2018-12037
2018-11-20 19:00:00
threatpost
threatpost
Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
2018-11-06 16:08:55
ibm
ibm
Security Bulletin: IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems areΒ NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038
2023-03-29 01:48:02
lenovo
lenovo
Self-Encrypting Drive Vulnerabilities - Lenovo Support US
2019-01-31 17:18:39
Self-Encrypting Drive Vulnerabilities - US
2019-01-31 17:18:39
cert
cert
Self-encrypting hard drives do not adequately protect data
2018-11-06 00:00:00

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON
Related for CVE-2018-12037
nvd1prion1cvelist1threatpost1ibm1lenovo2cert1