Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12309

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

Published

2020-11-12T18:15:13.907

Last Modified

2024-11-21T04:59:29.443

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	intel	ssd_pro_6000p_firmware	< psf131p	Yes
Hardware	intel	ssd_pro_6000p	-	No
Operating System	intel	ssd_pro_5450s_firmware	< lhf005p	Yes
Hardware	intel	ssd_pro_5450s	-	No
Operating System	intel	ssd_e_5100s_firmware	< lhf004e	Yes
Hardware	intel	ssd_e_5100s	-	No
Operating System	intel	ssd_pro_5400s_firmware	< lbf017p	Yes
Hardware	intel	ssd_pro_5400s	-	No
Operating System	intel	ssd_pro_7600p_firmware	< 005p	Yes
Hardware	intel	ssd_pro_7600p	-	No
Operating System	intel	ssd_760p_firmware	< 005c	Yes
Hardware	intel	ssd_760p	-	No
Operating System	intel	ssd_e_6100p_firmware	< 005e	Yes
Hardware	intel	ssd_e_6100p	-	No
Operating System	intel	ssd_660p_firmware	< 004c	Yes
Hardware	intel	ssd_660p	-	No
Operating System	intel	optane_ssd_905p_firmware	< e2010480	Yes
Hardware	intel	optane_ssd_905p	-	No
Operating System	intel	optane_ssd_900p_firmware	< e2010480	Yes
Hardware	intel	optane_ssd_900p	-	No
Operating System	intel	ssd_dc_p4510_firmware	< vdv10170	Yes
Hardware	intel	ssd_dc_p4510	-	No
Operating System	intel	ssd_dc_p4610_firmware	< vdv10170	Yes
Hardware	intel	ssd_dc_p4610	-	No
Operating System	intel	ssd_dc_p4800x_firmware	< e2010485	Yes
Hardware	intel	ssd_dc_p4800x	-	No
Operating System	intel	ssd_dc_p4801x_firmware	< e2010485	Yes
Hardware	intel	ssd_dc_p4801x	-	No
Operating System	intel	ssd_dc_p4101_firmware	< 008d	Yes
Hardware	intel	ssd_dc_p4101	-	No
Operating System	intel	ssd_pro_5450s_firmware	< lhf0b3p	Yes
Hardware	intel	ssd_pro_5450s	-	No
Operating System	intel	ssd_e_5100s_firmware	< lhf0ae3	Yes
Hardware	intel	ssd_e_5100s	-	No
Operating System	intel	ssd_pro_5400s_firmware	< lsf043p	Yes
Hardware	intel	ssd_pro_5400s	-	No

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362 Vendor Advisory ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)