CVE-2022-28384 — MEDIUM (5.5)

Q: How severe is CVE-2022-28384?

CVE-2022-28384 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-28384?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Keypad Secure Usb 3.2 Gen 1 Firmware, Verbatim Keypad Secure Usb 3.2 Gen 1, Verbatim Store \'N\' Go Secure Portable Hdd Firmware, Verbatim Store \'N\' Go Secure Portable Hdd.

Vulnerability Description

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Verbatim	Keypad Secure Usb 3.2 Gen 1 Firmware	<= 2022-03-31
Verbatim	Keypad Secure Usb 3.2 Gen 1	-
Verbatim	Store \'N\' Go Secure Portable Hdd Firmware	<= 2022-03-31
Verbatim	Store \'N\' Go Secure Portable Hdd	-

Related Weaknesses (CWE)

CWE-307

References

http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1ExploitMailing ListThird Party Advisory
http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/17ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/8ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/3Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.tExploitThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.tExploitThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.tExploitThird Party Advisory
http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1ExploitMailing ListThird Party Advisory
http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/17ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/8ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/3Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.tExploitThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.tExploitThird Party Advisory

FAQ

What is CVE-2022-28384?

CVE-2022-28384 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauth...

How severe is CVE-2022-28384?

CVE-2022-28384 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28384?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Keypad Secure Usb 3.2 Gen 1 Firmware, Verbatim Keypad Secure Usb 3.2 Gen 1, Verbatim Store \'N\' Go Secure Portable Hdd Firmware, Verbatim Store \'N\' Go Secure Portable Hdd.