CVE-2018-12038

4.2MEDIUM

Key Information:

Vendor
Samsung
Status
840 Evo Firmware
Vendor
CVE Published:
20 November 2018

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

remote-bitlocker-encryption-report
Created by gdraperi

References

https://security.netapp.com/advisory/ntap-20181112-0001/
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/395981
third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/105841
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.