CVE Vulnerability

CVE-2022-28387

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt Exploit Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/13 Exploit Mailing List
http://seclists.org/fulldisclosure/2022/Jun/21 Exploit Mailing List
http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html Exploit Mailing List
http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html Exploit Mailing List
Configurations

Configuration 1
Information

Published : 2022-06-08 04:15

Updated : 2022-06-21 05:42

NVD link : CVE-2022-28387

Mitre link : CVE-2022-28387

Products Affected
No products.
CWE
NVD-CWE-noinfo