Mar 29, 2023 - 1:48 a.m.

Security Bulletin: IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems are NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038

2023-03-29 01:48:02
www.ibm.com
ibm flashsystem
storwize v7000
security vulnerabilities
cryptographic link
ssd firmware
encrypted data
self encrypting drive
ibm storwize v7000
ibm flashsystem v9000

CVSS2: 1.9 Low (AV:L/AC:M/Au:N/C:P/I:N/A:N)

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

CVSS3: 4.2 Medium (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.001 Low
Percentile: 19.6%

Summary

IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are NOT affected by the security vulnerabilities in which the absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware to gain full access and the ability to decrypt encrypted data.
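
The difference between a drive layout with and without a cryptographic link between the password and the Disk Encryption Key (DEK), as an added sketch that is not IBM's or any drive vendor's code. The record layout, the function names, the PBKDF2 work factor and the XOR-plus-HMAC wrap (a stand-in for a real key wrap such as AES Key Wrap) are assumptions chosen so the example runs on the Python standard library alone.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def kdf(password: bytes, salt: bytes) -> bytes:
    # 64 bytes: first half wraps the DEK, second half authenticates the wrap
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=64)

def provision_unlinked(password: bytes, dek: bytes) -> dict:
    """Flawed layout: the password is only compared; the DEK is stored as-is."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": kdf(password, salt), "dek": dek}

def unlock_unlinked(rec: dict, password: bytes):
    # The check is a plain comparison; nothing about the DEK depends on it.
    ok = hmac.compare_digest(kdf(password, rec["salt"]), rec["verifier"])
    return rec["dek"] if ok else None

def provision_linked(password: bytes, dek: bytes) -> dict:
    """Linked layout: only a wrapped 32-byte DEK is stored."""
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    k = kdf(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, k[:32]))  # stand-in key wrap
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock_linked(rec: dict, password: bytes):
    k = kdf(password, rec["salt"])
    expected = hmac.new(k[32:], rec["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        return None  # wrong password: the DEK cannot be reconstructed
    return bytes(a ^ b for a, b in zip(rec["wrapped"], k[:32]))

def dek_exposed_at_rest(rec: dict, dek: bytes) -> bool:
    """True if the stored record alone, with no password, reveals the DEK."""
    return any(v == dek for v in rec.values())

if __name__ == "__main__":
    dek = os.urandom(32)  # constructed sample key
    print("unlinked exposes DEK:", dek_exposed_at_rest(provision_unlinked(b"pw", dek), dek))
    print("linked exposes DEK:  ", dek_exposed_at_rest(provision_linked(b"pw", dek), dek))
```

In the linked layout the password check and the key recovery are the same computation, so code that skips the comparison still has no key to use.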

Vulnerability Details

IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are, in all editions and all platforms, NOT affected by the security vulnerabilities CVE-2018-12037 and CVE-2018-12038. All Self Encrypting Drive models supported by IBM FlashSystem 9100 systems and Storwize V7000 2076-724 (Gen3) systems are also NOT affected by the aforementioned vulnerabilities.

Affected Products and Versions

IBM Storwize V7000
IBM FlashSystem V9000

Affected configurations

Vulners node: ibm storwize_v7000 (match: any) OR ibm ibm_flashsystem_9x00 (match: any)
