4.2

CVE-2015-7268

EPSS 0.06%
Published 27.11.2017 22:29:00
Last modified 20.04.2025 01:37:25
Source cret@cert.org
Teams watchlist Login
Open Login

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ 850 Pro Firmware Version-

Samsung ≫ 850 Pro Version-

Samsung ≫ Pm851 Firmware Version-

Samsung ≫ Pm851 Version-

Seagate ≫ St500lt015 Firmware Version-

Seagate ≫ St500lt015 Version-

Seagate ≫ St500lt025 Firmware Version-

Seagate ≫ St500lt025 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.151

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.2	0.5	3.6	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf

Third Party Advisory

Technical Description

https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html

Third Party Advisory

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2015-7268

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7268

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7268

EUVD