Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-28383

Опубликовано: 08 июн. 2022
Источник: nvd
CVSS3: 6.8
CVSS2: 4.6
EPSS Низкий

Описание

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:verbatim:keypad_secure_usb_3.2_gen_1_firmware:*:*:*:*:*:*:*:*
Версия до 2022-03-31 (включая)
cpe:2.3:h:verbatim:keypad_secure_usb_3.2_gen_1:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:verbatim:store_\'n\'_go_secure_portable_hdd_firmware:*:*:*:*:*:*:*:*
Версия до 2022-03-31 (включая)
cpe:2.3:h:verbatim:store_\'n\'_go_secure_portable_hdd:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
Версия до 2022-03-31 (включая)
cpe:2.3:h:verbatim:executive_fingerprint_secure_ssd:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
Версия до 2022-03-31 (включая)
cpe:2.3:h:verbatim:fingerprint_secure_portable_hard_drive:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%
0.00116
Низкий

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-fhv3-3747-jg9w

CVSS3: 6.8
github
больше 3 лет назад

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

EPSS

Процентиль: 31%
0.00116
Низкий

6.8 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20