1. Home
  2. CVE Database
  3. CVE-2015-7267
MEDIUM · 4.2

CVE-2015-7267

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS ...

Vulnerability Description

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."

CVSS Score

4.2

MEDIUM

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Samsung850 Pro Firmware-
Samsung850 Pro-
SamsungPm851 Firmware-
SamsungPm851-
SeagateSt500Lt015 Firmware-
SeagateSt500Lt015-
SeagateSt500Lt025 Firmware-
SeagateSt500Lt025-

Related Weaknesses (CWE)

CWE-254

References

FAQ

What is CVE-2015-7267?

CVE-2015-7267 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS ...

How severe is CVE-2015-7267?

CVE-2015-7267 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7267?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung 850 Pro Firmware, Samsung 850 Pro, Samsung Pm851 Firmware, Samsung Pm851, Seagate St500Lt015 Firmware.