Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

Published

2018-11-20T19:29:00.247

Last Modified

2024-11-21T03:44:28.030

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.4

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System samsung 840_evo_firmware - Yes
Hardware samsung 840_evo - No
Operating System samsung 850_evo_firmware - Yes
Hardware samsung 850_evo - No
Operating System samsung t3_firmware - Yes
Hardware samsung t3 - No
Operating System samsung t5_firmware - Yes
Hardware samsung t5 - No
Operating System micron crucial_mx100_firmware - Yes
Hardware micron crucial_mx100 - No
Operating System micron crucial_mx200_firmware - Yes
Hardware micron crucial_mx200 - No
Operating System micron crucial_mx300_firmware - Yes
Hardware micron crucial_mx300 - No
References