6.8
CVE-2022-28383
- EPSS 0.12%
- Veröffentlicht 08.06.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:57:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Verbatim ≫ Keypad Secure Usb 3.2 Gen 1 Firmware Version <= 2022-03-31
Verbatim ≫ Store 'n' Go Secure Portable Hdd Firmware Version <= 2022-03-31
Verbatim ≫ Executive Fingerprint Secure Ssd Firmware Version <= 2022-03-31
Verbatim ≫ Fingerprint Secure Portable Hard Drive Firmware Version <= 2022-03-31
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.31 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.