Executive Fingerprint Secure Ssd Firmware
CVE-2022-28387
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
AnalysisAI
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. Affected products include: Verbatim Executive Fingerprint Secure Ssd Firmware, Verbatim Fingerprint Secure Portable Hard Drive Firmware. Version information: through 2022.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated high severity (CVSS 7.5), this vulnerabilit
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 6.8), this vulnerabil
An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerabil
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today