CVE-2022-28386 — MEDIUM (4.6)

Q: How severe is CVE-2022-28386?

CVE-2022-28386 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-28386?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Keypad Secure Usb 3.2 Gen 1 Firmware, Verbatim Keypad Secure Usb 3.2 Gen 1, Verbatim Gd25Lk01-3637-C Firmware, Verbatim Gd25Lk01-3637-C.

Vulnerability Description

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Verbatim	Keypad Secure Usb 3.2 Gen 1 Firmware	<= 2022-03-31
Verbatim	Keypad Secure Usb 3.2 Gen 1	-
Verbatim	Gd25Lk01-3637-C Firmware	<= 2022-03-31
Verbatim	Gd25Lk01-3637-C	-

Related Weaknesses (CWE)

CWE-307

References

http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1Third Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2022/Jun/11Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/20Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/6Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.tThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.tThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.tExploitThird Party Advisory
http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1Third Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-Third Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2022/Jun/11Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/20Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/6Mailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.tThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.tThird Party Advisory

FAQ

What is CVE-2022-28386?

CVE-2022-28386 is a vulnerability with a CVSS score of 4.6 (MEDIUM). An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as speci...

How severe is CVE-2022-28386?

CVE-2022-28386 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28386?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Keypad Secure Usb 3.2 Gen 1 Firmware, Verbatim Keypad Secure Usb 3.2 Gen 1, Verbatim Gd25Lk01-3637-C Firmware, Verbatim Gd25Lk01-3637-C.