CVE-2019-10706

Sažetak

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

Reference

https://support.wdc.com/cat_products.aspx?ID=6&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd
https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd

CVSS

Base:	6.3
Impact:	9.2
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:N/I:C/A:C

Zadnje važnije ažuriranje

13-03-2020 - 16:23

Objavljeno

10-03-2020 - 13:15