Vulnerabilities > CVE-2018-12037

CVSS 4.0 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

samsung

micron

NVD

Published: 2018-11-20

Updated: 2019-10-03

Summary

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung 840 EVO Firmware - Samsung 850 EVO Firmware - Samsung T3 Firmware - Samsung T5 Firmware -	4
OS	Micron Micron Crucial Mx100 Firmware - Micron Crucial Mx200 Firmware - Micron Crucial Mx300 Firmware -	3
Hardware	Samsung Samsung 840 EVO - Samsung 850 EVO - Samsung T3 - Samsung T5 -	4
Hardware	Micron Micron Crucial Mx100 - Micron Crucial Mx200 - Micron Crucial Mx300 -	3

Vulnerabilities > CVE-2018-12037 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2018-12037"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2018-12037