CVE Vulnerability

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

1.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.4 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 Patch Third Party Advisory
http://www.securityfocus.com/bid/105840 Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20181112-0001/ Third Party Advisory
Configurations

Configuration 1
Information

Published : 2018-11-20 07:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-12037

Mitre link : CVE-2018-12037

Products Affected

850 Evo Firmware

Samsung

CWE
NVD-CWE-noinfo