Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500213-NOSID
HistoryJan 31, 2019 - 5:18 p.m.

Self-Encrypting Drive Vulnerabilities - US

2019-01-3117:18:39
support.lenovo.com
90

0.002 Low

EPSS

Percentile

55.4%

JSON

Lenovo Security Advisory: LEN-25256

Potential Impact: Information disclosure

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-12037, CVE-2018-12038, CVE-2019-10636, CVE-2019-10705, CVE-2019-10706, CVE-2019-11686

Summary Description:

As reported in CERT Coordination Center Vulnerability Note VU#395981, researchers from Radboud University in the Netherlands have discovered vulnerabilities in self-encrypting drives. Vendors have made us aware of vulnerabilities which require physical access to the drive. The vulnerable drive families are listed in the Affected Drives section.

Mitigation Strategy for Customers (what you should do to protect yourself):

If you are using software encryption, you are not affected by these vulnerabilities even if your SED hardware is vulnerable.

Download and run the SED_checker tool available here to determine if your system is vulnerable.

For vulnerable systems:

  • If a firmware update is available, update to the version (or later) described for your system.
  • If no firmware update is available, switch from hardware to software encryption.
    • If you are using Microsoft BitLocker, please follow the instructions in Microsoft Security Advisory ADV180028 to determine the drive encryption type. If you are using hardware-based encryption (this is very unlikely for drives supplied by Lenovo due to manufacturing configurations), please follow Microsoft’s guidance in the advisory to switch to software-based encryption.
    • If you are using OPAL mode with WinMagic or another enterprise drive encryption manager, please consult with your software supplier about how to determine your encryption type and how to switch to your tool’s software encryption mode.

Affected Drives:

Crucial (Micron) MX100, MX200 and MX300 drives (Lenovo did not ship)
HGST Travel Star Jaguar C7
Lenovo AH6661, AM6671
Lite-On CA3, CV3, L9G, L9S, M6G, M6S, V2G, V2S
Micron 1100, M600
Samsung 840 EVO, 850 EVO, T3, T5 (Lenovo did not ship)
Samsung CM871, PM851, PM871, SM951
Sandisk X300, X300S, X400, X600

Related

cert 1
lenovo 1
threatpost 1
ibm 1
prion 6
cvelist 6
nvd 6
cve 6
cert
cert
Self-encrypting hard drives do not adequately protect data
2018-11-06 00:00:00
lenovo
lenovo
Self-Encrypting Drive Vulnerabilities - Lenovo Support US
2019-01-31 17:18:39
threatpost
threatpost
Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed
2018-11-06 16:08:55
ibm
ibm
Security Bulletin: IBM FlashSystem 9100 family and IBM Storwize V7000 2076-724 (Gen3) systems are NOT affected by security vulnerabilities CVE-2018-12037 and CVE-2018-12038
2023-03-29 01:48:02
prion
prion
Code injection
2018-11-20 19:29:00
Design/Logic Flaw
2020-03-10 13:15:00
Authentication flaw
2020-03-10 13:15:00
cvelist
cvelist
CVE-2018-12037
2018-11-20 19:00:00
CVE-2019-11686
2020-03-10 12:35:45
CVE-2018-12038
2018-11-20 19:00:00
nvd
nvd
CVE-2018-12037
2018-11-20 19:29:00
CVE-2019-11686
2020-03-10 13:15:12
CVE-2019-10706
2020-03-10 13:15:12
cve
cve
CVE-2019-11686
2020-03-10 13:15:12
CVE-2019-10706
2020-03-10 13:15:12
CVE-2018-12037
2018-11-20 19:29:00

0.002 Low

EPSS

Percentile

55.4%

JSON
Related for LENOVO:PS500213-NOSID
cert1lenovo1threatpost1ibm1prion6cvelist6nvd6cve6