Vulnerability identifier: #VU15755
Vulnerability risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
850 EVO: Client/Desktop applications / Software for system administration
840 EVO: Client/Desktop applications / Software for system administration
T5: Client/Desktop applications / Software for system administration
T3: Client/Desktop applications / Software for system administration
MX300: Hardware solutions / Firmware
MX200: Hardware solutions / Firmware
MX100: Hardware solutions / Firmware
Vendor: Samsung, Crucial US
Description
The vulnerability allows a physical attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the absence of a cryptographic link between the password provided by the end user and the cryptographic key used to encrypt user data. A physical attacker can access the key without knowing the password provided by the end user and decrypt information encrypted with that key.
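The difference between a password that only gates a check and a password that is cryptographically bound to the data encryption key (DEK), as an added Python example that is not vendor firmware code. The record layout, function names and PBKDF2 parameters are assumptions, and the XOR wrap is a stand-in for a real key-wrap algorithm such as AES Key Wrap.

```python
import hashlib
import hmac
import secrets

def kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def provision_unbound(password: str, dek: bytes) -> dict:
    """Flawed layout: the password is only compared; the DEK is stored as is."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_check": kdf(password, salt), "dek": dek}

def provision_bound(password: str, dek: bytes) -> dict:
    """Bound layout: the DEK is stored only wrapped under a password-derived key."""
    salt = secrets.token_bytes(16)
    k = kdf(password, salt)
    kek, mac_key = k[:32], k[32:]
    wrapped = xor(dek, kek)  # toy wrap; a fresh salt gives a single-use KEK
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped_dek": wrapped, "tag": tag}

def unlock_bound(record: dict, password: str):
    """Return the DEK, or None when the password does not match the record."""
    k = kdf(password, record["salt"])
    kek, mac_key = k[:32], k[32:]
    expected = hmac.new(mac_key, record["wrapped_dek"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return xor(record["wrapped_dek"], kek)

def dek_exposed_at_rest(record: dict):
    """Audit helper: the DEK if the stored record holds it unwrapped, else None."""
    return record.get("dek")

if __name__ == "__main__":
    dek = secrets.token_bytes(32)  # constructed sample key
    for name, rec in (("unbound", provision_unbound("hunter2", dek)),
                      ("bound", provision_bound("hunter2", dek))):
        print(name, "DEK readable without password:",
              dek_exposed_at_rest(rec) is not None)
```

In the unbound layout the stored record alone yields the DEK, which is the condition the description refers to; in the bound layout the record is useless without the password.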
Mitigation
Install updates for the vulnerable products from the vendors' websites.
Vulnerable software versions
850 EVO: All versions
840 EVO: All versions
T5: All versions
T3: All versions
MX300: All versions
MX200: All versions
MX100: All versions
External links
http://www.kb.cert.org/vuls/id/395981/
Can this vulnerability be exploited remotely?
No. An attacker needs physical access to the system to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.