Vulnerabilities > CVE-2015-7269 - 7PK - Security Features vulnerability in Seagate St500Lt015 Firmware
Attack vector
PHYSICAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
- https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
- https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html
- https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html