MEDIUM · 4.0

CVE-2018-12037

Vulnerability Description

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

CVSS Score

4.0

MEDIUM

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

Affected Products

Vendor    Product                  Versions
Samsung   840 Evo Firmware         -
Samsung   840 Evo                  -
Samsung   850 Evo Firmware         -
Samsung   850 Evo                  -
Samsung   T3 Firmware              -
Samsung   T3                       -
Samsung   T5 Firmware              -
Samsung   T5                       -
Micron    Crucial Mx100 Firmware   -
Micron    Crucial Mx100            -
Micron    Crucial Mx200 Firmware   -
Micron    Crucial Mx200            -
Micron    Crucial Mx300 Firmware   -
Micron    Crucial Mx300            -

References

FAQ

What is CVE-2018-12037?

CVE-2018-12037 is a vulnerability with a CVSS score of 4.0 (MEDIUM). An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX3...

How severe is CVE-2018-12037?

CVE-2018-12037 has been rated MEDIUM, with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2018-12037?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung 840 Evo Firmware, Samsung 840 Evo, Samsung 850 Evo Firmware, Samsung 850 Evo, Samsung T3 Firmware.