Vulnerability Description
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device and, if extracted, could be used to install arbitrary firmware on other devices.
CVSS Score
6.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | Sandisk X600 Sd9Tb8W-128G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tb8W-128G | - |
| Westerndigital | Sandisk X600 Sd9Tb8W-256G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tb8W-256G | - |
| Westerndigital | Sandisk X600 Sd9Tb8W-512G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tb8W-512G | - |
| Westerndigital | Sandisk X600 Sd9Tb8W-1T00 Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tb8W-1T00 | - |
| Westerndigital | Sandisk X600 Sd9Tb8W-2T00 Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tb8W-2T00 | - |
| Westerndigital | Sandisk X600 Sd9Tn8W-128G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tn8W-128G | - |
| Westerndigital | Sandisk X600 Sd9Tn8W-256G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tn8W-256G | - |
| Westerndigital | Sandisk X600 Sd9Tn8W-512G Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tn8W-512G | - |
| Westerndigital | Sandisk X600 Sd9Tn8W-1T00 Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tn8W-1T00 | - |
| Westerndigital | Sandisk X600 Sd9Tn8W-2T00 Firmware | < x6112100 |
| Westerndigital | Sandisk X600 Sd9Tn8W-2T00 | - |
Related Weaknesses (CWE)
References
- https://support.wdc.com/cat_products.aspx?ID=6&lang=en (Product)
- https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sa (Vendor Advisory)
- https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x4 (Vendor Advisory)
FAQ
What is CVE-2019-10706?
CVE-2019-10706 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a p...
How severe is CVE-2019-10706?
CVE-2019-10706 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-10706?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital Sandisk X600 Sd9Tb8W-128G Firmware, Westerndigital Sandisk X600 Sd9Tb8W-128G, Westerndigital Sandisk X600 Sd9Tb8W-256G Firmware, Westerndigital Sandisk X600 Sd9Tb8W-256G, Westerndigital Sandisk X600 Sd9Tb8W-512G Firmware.