CVE-2015-7267

4.2MEDIUM

Key Information:

Vendor: Samsung
Status: 850 Pro Firmware
Vendor: CVE Published:; 27 November 2017

Summary

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."

References

https://www.infoworld.com/article/3004913/encryption/self...

x_refsource_MISC

https://www.blackhat.com/docs/eu-15/materials/eu-15-Botea...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2017
Vulnerability Reserved
Sep 18, 2015