Vulnerability-Lookup

CVE-2015-7267 (GCVE-0-2015-7267)

Vulnerability from cvelistv5 – Published: 2017-11-27 22:00 – Updated: 2024-08-06 07:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

GSD-2015-7267

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7267

Aliases

CVE-2015-7267

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7267",
    "description": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\"",
    "id": "GSD-2015-7267"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7267"
      ],
      "details": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\"",
      "id": "GSD-2015-7267",
      "modified": "2023-12-13T01:20:01.183378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-7267",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html",
            "refsource": "MISC",
            "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
          },
          {
            "name": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf",
            "refsource": "MISC",
            "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:850_pro_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:850_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:pm851_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:pm851:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:seagate:st500lt015_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:seagate:st500lt015:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:seagate:st500lt025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:seagate:st500lt025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7267"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
            },
            {
              "name": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-12-20T20:45Z",
      "publishedDate": "2017-11-27T22:29Z"
    }
  }
}

FKIE_CVE-2015-7267

Vulnerability from fkie_nvd - Published: 2017-11-27 22:29 - Updated: 2025-04-20 01:37

Severity ?

4.2 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cret@cert.org	https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf	Technical Description, Third Party Advisory
cret@cert.org	https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
samsung	850_pro_firmware	-
samsung	850_pro	-
samsung	pm851_firmware	-
samsung	pm851	-
seagate	st500lt015_firmware	-
seagate	st500lt015	-
seagate	st500lt025_firmware	-
seagate	st500lt025	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:850_pro_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32302DB9-927F-4232-88DF-11C134266EBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:850_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "811049BE-1584-4E45-A157-1BEDBB74D6C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:pm851_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9513E12E-A0EF-4789-8D2D-B97032C5A65C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:pm851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8040B236-B936-4642-8CF7-237CE39EE7F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:seagate:st500lt015_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C36534-C9F5-4FE1-B8C8-5BA6D021C5C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:seagate:st500lt015:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60BC85A-FE1F-44EB-A049-6EA987C48AE0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:seagate:st500lt025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B999BEA-6A98-46B5-832F-76231DAA3BEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:seagate:st500lt025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C625B6AD-4665-42EF-91DD-F45180719768",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\""
    },
    {
      "lang": "es",
      "value": "Las unidades de estado s\u00f3lido Samsung 850 Pro y PM851 y las unidades de disco duro Seagate ST500LT015 y ST500LT025, cuando est\u00e1n en modo de espera y operando en modo Opal o eDrive en port\u00e1tiles Lenovo ThinkPad T440s con BIOS 2.32; port\u00e1tiles ThinkPad W541 con BIOS 2.21; port\u00e1tiles Dell Latitude E6410 con BIOS A16; o port\u00e1tiles Latitude E6430 con BIOS A16, permiten que atacantes cercanos f\u00edsicamente omitan la protecci\u00f3n Self-Encrypting Drive (SED) aprovechando el fracaso a la hora de detectar cu\u00e1ndo est\u00e1n desconectados los discos SATA en modo de espera. Esto tambi\u00e9n se conoce como \"Hot Plug attack\"."
    }
  ],
  "id": "CVE-2015-7267",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T22:29:00.237",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201711-0015

Vulnerability from variot - Updated: 2025-04-20 23:32

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack.". Samsung 850 Pro/PM851 Solid state drives and Seagate ST500LT015/ST500LT025 There are vulnerabilities in hard disk drives that can bypass security functions.Information may be obtained. LenovoThinkPadT440slaptop is a laptop from Lenovo China. The DellLatitudeE6410laptop is a laptop from Dell. Samsung850Pro, etc. are all hard drives used in laptops. The Samsung850Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung850Pro, PM851 SSD, SeagateST500LT015 and ST500LT025 hard drives on several devices. An attacker could exploit this vulnerability to bypass self-encrypting hard disk (SED) protection. Samsung/Seagate Self-Encrypting Drive Protection are prone to a local security-bypass vulnerability. This may aid in further attacks. The following products are vulnerable: Seagate ST500LT015 and ST500LT025 Samsung 850 Pro and PM851. Samsung 850 Pro etc. The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0015",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pm851",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "850 pro",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "pm851",
        "scope": null,
        "trust": 1.4,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "st500lt015",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "st500lt025",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "st500lt015",
        "scope": null,
        "trust": 0.8,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "st500lt025",
        "scope": null,
        "trust": 0.8,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "850 pro",
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "samsung",
        "version": "850"
      },
      {
        "model": "technology st500lt015",
        "scope": null,
        "trust": 0.6,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "technology st500lt025",
        "scope": null,
        "trust": 0.6,
        "vendor": "seagate",
        "version": null
      },
      {
        "model": "st500lt025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "seagate",
        "version": "0"
      },
      {
        "model": "st500lt015",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "seagate",
        "version": "0"
      },
      {
        "model": "pm851",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "8500"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:seagate:st500lt015_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:seagate:st500lt025_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:samsung:850_pro_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:samsung:pm851_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Daniel Boteanu and Kevvie Fowler of KPMG.",
    "sources": [
      {
        "db": "BID",
        "id": "102336"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7267",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-7267",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2017-38305",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-85228",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "id": "CVE-2015-7267",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7267",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7267",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-38305",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-1082",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85228",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\". Samsung 850 Pro/PM851 Solid state drives and Seagate ST500LT015/ST500LT025 There are vulnerabilities in hard disk drives that can bypass security functions.Information may be obtained. LenovoThinkPadT440slaptop is a laptop from Lenovo China. The DellLatitudeE6410laptop is a laptop from Dell. Samsung850Pro, etc. are all hard drives used in laptops. The Samsung850Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung850Pro, PM851 SSD, SeagateST500LT015 and ST500LT025 hard drives on several devices. An attacker could exploit this vulnerability to bypass self-encrypting hard disk (SED) protection. Samsung/Seagate Self-Encrypting Drive Protection are prone to a local security-bypass vulnerability. This may aid in further attacks. \nThe following products are vulnerable:\nSeagate ST500LT015 and ST500LT025\nSamsung 850 Pro and PM851. Samsung 850 Pro etc. The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7267",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "102336",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "id": "VAR-201711-0015",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      }
    ],
    "trust": 1.4942857200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:32:03.075000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Samsung 850 Pro",
        "trust": 0.8,
        "url": "http://www.samsung.com/semiconductor/minisite/jp/ssd/consumer/850pro/"
      },
      {
        "title": "Samsung PM851 Solid State Drive",
        "trust": 0.8,
        "url": "https://www.samsung.com/us/business/oem-solutions/pdfs/PM851-SSD-ProdOverview.pdf"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.seagate.com/jp/ja/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-boteanu-bypassing-self-encrypting-drives-sed-in-enterprise-environments-wp.pdf"
      },
      {
        "trust": 2.0,
        "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7267"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7267"
      },
      {
        "trust": 0.3,
        "url": "www.samsung.com"
      },
      {
        "trust": 0.3,
        "url": "https://www.seagate.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "date": "2017-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "date": "2017-11-27T00:00:00",
        "db": "BID",
        "id": "102336"
      },
      {
        "date": "2018-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "date": "2017-11-27T22:29:00.237000",
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-38305"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85228"
      },
      {
        "date": "2017-11-27T00:00:00",
        "db": "BID",
        "id": "102336"
      },
      {
        "date": "2018-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2015-7267"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung 850 Pro/PM851 of  SSD and  Seagate ST500LT015/ST500LT025 of  HDD Vulnerabilities that bypass security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008068"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-1082"
      }
    ],
    "trust": 0.6
  }
}

GHSA-VFRM-FG27-345M

Vulnerability from github – Published: 2022-05-17 00:12 – Updated: 2022-05-17 00:12

Details

Severity ?

4.2 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7267"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-27T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a \"Hot Plug attack.\"",
  "id": "GHSA-vfrm-fg27-345m",
  "modified": "2022-05-17T00:12:16Z",
  "published": "2022-05-17T00:12:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7267"
    },
    {
      "type": "WEB",
      "url": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-38305

Vulnerability from cnvd - Published: 2017-12-28

Title

多款设备Samsung 850 Pro、PM851固态硬盘、Seagate ST500LT015和ST500LT025硬盘热插拔攻击漏洞

Description

Lenovo ThinkPad T440s laptop是中国联想（Lenovo）公司的一款笔记本电脑。Dell Latitude E6410 laptop是美国戴尔（Dell）公司的一款笔记本电脑。Samsung 850 Pro等都是使用在笔记本电脑中的硬盘。Samsung 850 Pro是韩国三星（Samsung）公司生产的硬盘。Seagate ST500LT015是美国希捷（Seagate）公司生产的硬盘。多款设备上的Samsung 850 Pro、PM851固态硬盘、Seagate ST500LT015和ST500LT025硬盘中存在安全漏洞。攻击者可利用该漏洞绕过自我加密硬盘（SED）保护。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页及时更新： http://www.samsung.com/cn/

Reference

https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf

Impacted products

Name
['Samsung 850 Pro', 'Samsung PM851', 'Seagate Technology ST500LT015', 'Seagate Technology ST500LT025']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7267"
    }
  },
  "description": "Lenovo ThinkPad T440s laptop\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7b14\u8bb0\u672c\u7535\u8111\u3002Dell Latitude E6410 laptop\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7b14\u8bb0\u672c\u7535\u8111\u3002Samsung 850 Pro\u7b49\u90fd\u662f\u4f7f\u7528\u5728\u7b14\u8bb0\u672c\u7535\u8111\u4e2d\u7684\u786c\u76d8\u3002Samsung 850 Pro\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u751f\u4ea7\u7684\u786c\u76d8\u3002Seagate ST500LT015\u662f\u7f8e\u56fd\u5e0c\u6377\uff08Seagate\uff09\u516c\u53f8\u751f\u4ea7\u7684\u786c\u76d8\u3002\r\n\r\n\u591a\u6b3e\u8bbe\u5907\u4e0a\u7684Samsung 850 Pro\u3001PM851\u56fa\u6001\u786c\u76d8\u3001Seagate ST500LT015\u548cST500LT025\u786c\u76d8\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u81ea\u6211\u52a0\u5bc6\u786c\u76d8\uff08SED\uff09\u4fdd\u62a4\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.samsung.com/cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38305",
  "openTime": "2017-12-28",
  "products": {
    "product": [
      "Samsung 850 Pro",
      "Samsung PM851",
      "Seagate Technology ST500LT015",
      "Seagate Technology ST500LT025"
    ]
  },
  "referenceLink": "https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf",
  "serverity": "\u4f4e",
  "submitTime": "2017-11-29",
  "title": "\u591a\u6b3e\u8bbe\u5907Samsung 850 Pro\u3001PM851\u56fa\u6001\u786c\u76d8\u3001Seagate ST500LT015\u548cST500LT025\u786c\u76d8\u70ed\u63d2\u62d4\u653b\u51fb\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7267 (GCVE-0-2015-7267)

GSD-2015-7267

FKIE_CVE-2015-7267

VAR-201711-0015

GHSA-VFRM-FG27-345M

CNVD-2017-38305

Tags

Sightings

Nomenclature