CVE-2022-28387 — MEDIUM (4.6)

Q: How severe is CVE-2022-28387?

CVE-2022-28387 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-28387?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Executive Fingerprint Secure Ssd Firmware, Verbatim Executive Fingerprint Secure Ssd, Verbatim Fingerprint Secure Portable Hard Drive Firmware, Verbatim Fingerprint Secure Portable Hard Drive.

Vulnerability Description

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Verbatim	Executive Fingerprint Secure Ssd Firmware	<= 2022-03-31
Verbatim	Executive Fingerprint Secure Ssd	-
Verbatim	Fingerprint Secure Portable Hard Drive Firmware	<= 2022-03-31
Verbatim	Fingerprint Secure Portable Hard Drive	-

References

http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-SecurExploitMailing ListThird Party Advisory
http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-PortableExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/13ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/21ExploitMailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.tExploitThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.tExploitThird Party Advisory
http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-SecurExploitMailing ListThird Party Advisory
http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-PortableExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/13ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/21ExploitMailing ListThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.tExploitThird Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.tExploitThird Party Advisory

FAQ

What is CVE-2022-28387?

CVE-2022-28387 is a vulnerability with a CVSS score of 4.6 (MEDIUM). An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The atta...

How severe is CVE-2022-28387?

CVE-2022-28387 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28387?

Check the references section above for vendor advisories and patch information. Affected products include: Verbatim Executive Fingerprint Secure Ssd Firmware, Verbatim Executive Fingerprint Secure Ssd, Verbatim Fingerprint Secure Portable Hard Drive Firmware, Verbatim Fingerprint Secure Portable Hard Drive.