Bypassing Self-Encrypting Drive Protection on Lenovo ThinkPad W541 Laptops
CVE-2015-7269

4.2MEDIUM

Key Information:

Vendor: Seagate
Status: St500lt015 Firmware
Vendor: CVE Published:; 27 November 2017

What is CVE-2015-7269?

The Seagate ST500LT015 hard disk drives exhibit a vulnerability when utilized in eDrive mode on Lenovo ThinkPad W541 laptops configured with BIOS version 2.21. This flaw allows attackers in physical proximity to exploit the drive's self-encrypting features. By connecting a second SATA connector to exposed pins and maintaining an alternate power source, an attacker can perform a 'Hot Unplug Attack.' This method enables unauthorized access to confidential data stored on the drive, bypassing the intended protection mechanisms of the Self-Encrypting Drive (SED). The implications of such a vulnerability pose significant risks to data integrity and security for users employing these drives in sensitive environments.

References

https://www.infoworld.com/article/3004913/encryption/self...

x_refsource_MISC

https://www.blackhat.com/docs/eu-15/materials/eu-15-Botea...

x_refsource_MISC

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2017
Vulnerability Reserved
Sep 18, 2015

JSON