CVE-2022-28387

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:verbatim:executive_fingerprint_secure_ssd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:verbatim:fingerprint_secure_portable_hard_drive:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:57

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory () http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory
References () http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory () http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2022/Jun/13 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2022/Jun/13 - Exploit, Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2022/Jun/21 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2022/Jun/21 - Exploit, Mailing List, Third Party Advisory
References () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt - Exploit, Third Party Advisory () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt - Exploit, Third Party Advisory
References () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt - Exploit, Third Party Advisory () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt - Exploit, Third Party Advisory

21 Jun 2022, 17:42

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:h:verbatim:fingerprint_secure_portable_hard_drive:-:*:*:*:*:*:*:*
cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:verbatim:executive_fingerprint_secure_ssd:-:*:*:*:*:*:*:*
cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 4.6
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/21 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/21 - Exploit, Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/13 - (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/13 - Exploit, Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html - (MISC) http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory
References (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt - (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt - Exploit, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html - (MISC) http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html - Exploit, Mailing List, Third Party Advisory
References (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt - (MISC) https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt - Exploit, Third Party Advisory

20 Jun 2022, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html -
  • (MISC) http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html -

11 Jun 2022, 08:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/21 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/Jun/13 -

08 Jun 2022, 16:23

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-08 16:15

Updated : 2024-11-21 06:57


NVD link : CVE-2022-28387

Mitre link : CVE-2022-28387

CVE.ORG link : CVE-2022-28387


JSON object : View

Products Affected

verbatim

  • executive_fingerprint_secure_ssd_firmware
  • executive_fingerprint_secure_ssd
  • fingerprint_secure_portable_hard_drive_firmware
  • fingerprint_secure_portable_hard_drive