cvelistv5 - CVE-2018-12037

CVE-2018-12037 (GCVE-0-2018-12037)

Vulnerability from cvelistv5

Published

2018-11-20 19:00

Modified

2024-08-05 08:24

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/105840	Third Party Advisory, VDB Entry
cve@mitre.org	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028	Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20181112-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105840	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028	Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20181112-0001/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:24:03.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
          },
          {
            "name": "105840",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105840"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-21T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
        },
        {
          "name": "105840",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105840"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.netapp.com/advisory/ntap-20181112-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
            },
            {
              "name": "105840",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105840"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12037",
    "datePublished": "2018-11-20T19:00:00",
    "dateReserved": "2018-06-07T00:00:00",
    "dateUpdated": "2024-08-05T08:24:03.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12037\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-11-20T19:29:00.247\",\"lastModified\":\"2024-11-21T03:44:28.030\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \\\"ATA high\\\" mode, not vulnerable in \\\"TCG\\\" or \\\"ATA max\\\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en dispositivos Samsung 840 EVO y 850 EVO (solo en modo \\\"ATA high\\\"; no es vulnerable en los modos \\\"TCG\\\" o \\\"ATA max\\\"), los discos duros externos Samsung T3 y T5 y los dispositivos Crucial MX100, MX200 y MX300. La falta de un enlace criptogr\u00e1fico entre la contrase\u00f1a y la clave de cifrado del disco permite que los atacantes con acceso privilegiado al firmware SSD tengan acceso total a los datos cifrados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.4,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:840_evo_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CCCBC3E-D0C8-4425-9262-7F158163F2EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:840_evo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32606060-FB21-4E49-8A9E-9A9197F6FAF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:850_evo_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294728E8-48DD-42E4-AE4B-683F59E9F7B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:850_evo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A7CC49B-C58A-4D9F-98C6-BED4F978CE52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:t3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"080BBC54-1E9D-4D4E-8847-6A32FCC0477C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:t3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7BC29D-D192-424B-BF23-092ACDB1F4AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:t5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738D6719-CD1D-4F45-B695-5E6E92131057\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:t5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"588B48AC-6A9D-4BBF-B1E3-A112CD455746\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:micron:crucial_mx100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FAA6CCE-F209-460E-BC3A-25DE787BE502\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:micron:crucial_mx100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B865DB0F-A464-43BF-A886-D7242C64FEAC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:micron:crucial_mx200_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6718348D-973E-4C28-A612-7A6189A49CD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:micron:crucial_mx200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71860471-8667-4373-9F13-5DF53366B025\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:micron:crucial_mx300_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7783258E-187C-426A-8A3A-9CC80D857F36\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:micron:crucial_mx300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D22E762E-E77A-440F-9E23-A25375DD8E3A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105840\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181112-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181112-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

gsd-2018-12037

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-12037

Aliases

CVE-2018-12037

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12037",
    "description": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.",
    "id": "GSD-2018-12037"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12037"
      ],
      "details": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.",
      "id": "GSD-2018-12037",
      "modified": "2023-12-13T01:22:30.685590Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-12037",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.netapp.com/advisory/ntap-20181112-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
          },
          {
            "name": "105840",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105840"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:840_evo_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:840_evo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:850_evo_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:850_evo:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:t3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:t3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:t5_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:t5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:micron:crucial_mx100_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:micron:crucial_mx100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:micron:crucial_mx200_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:micron:crucial_mx200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:micron:crucial_mx300_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:micron:crucial_mx300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12037"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
            },
            {
              "name": "105840",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105840"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181112-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 0.4,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-11-20T19:29Z"
    }
  }
}

ghsa-xpvv-pv79-cqf9

Vulnerability from github

Published

2022-05-13 01:49

Modified

2022-05-13 01:49

Severity ?

4.0 (Medium) - CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12037"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-20T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.",
  "id": "GHSA-xpvv-pv79-cqf9",
  "modified": "2022-05-13T01:49:25Z",
  "published": "2022-05-13T01:49:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12037"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181112-0001"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105840"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. Self-Encrypting Drives are prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The Micron Crucial MX100, MX200, and MX300 are all silver disk drives from Micron. Samsung T3 and so on are all hard disk drives of South Korea's Samsung (Samsung) company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crucial mx300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "micron",
        "version": null
      },
      {
        "model": "crucial mx200",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "micron",
        "version": null
      },
      {
        "model": "crucial mx100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "micron",
        "version": null
      },
      {
        "model": "t5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "850 evo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "840 evo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": "t3",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "samsung",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "micron",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "samsung semiconductor",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sandisk",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "western digital",
        "version": null
      },
      {
        "model": "crucial mx100 drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "micron",
        "version": "(cve-2018-12037)"
      },
      {
        "model": "crucial mx200 drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "micron",
        "version": "(cve-2018-12037)"
      },
      {
        "model": "crucial mx300 drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "micron",
        "version": "(cve-2018-12037)"
      },
      {
        "model": "840 evo drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "(cve-2018-12037)(cve-2018-12038)"
      },
      {
        "model": "850 evo drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "(ata high it is affected in the case of mode. tcg mode or  ata max the mode is not affected. )(cve-2018-12037)"
      },
      {
        "model": "portable drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "t3 (cve-2018-12037)"
      },
      {
        "model": "portable drive",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "t5 (cve-2018-12037)"
      },
      {
        "model": "t5 portable drives",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "t3 portable drives",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "0"
      },
      {
        "model": "evo drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "8500"
      },
      {
        "model": "evo drives",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "samsung",
        "version": "8400"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20190"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "model": "windows server r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20120"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "18030"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "17090"
      },
      {
        "model": "windows rt",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.1"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018090"
      },
      {
        "model": "windows version for arm64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018090"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018090"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018030"
      },
      {
        "model": "windows version for arm64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018030"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1018030"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017090"
      },
      {
        "model": "windows version for arm64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017090"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017090"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "windows version for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1016070"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "100"
      },
      {
        "model": "mx300 drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "micron",
        "version": "0"
      },
      {
        "model": "mx200 drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "micron",
        "version": "0"
      },
      {
        "model": "mx100 drive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "micron",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:micron:crucial_mx100_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:micron:crucial_mx200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:micron:crucial_mx300_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:misc:samsung_electronics_samsung_840_evo_drive",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:misc:samsung_electronics_samsung_850_evo_drive",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:misc:samsung_electronics_samsung_portable_drive",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carlo Meijer and Bernard van Gastel from the Dutch Radboud University",
    "sources": [
      {
        "db": "BID",
        "id": "105840"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-12037",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2018-12037",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "JPCERT/CC",
            "availabilityImpact": "None",
            "baseScore": 6.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-009133",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-121956",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.4,
            "id": "CVE-2018-12037",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "JPCERT/CC",
            "availabilityImpact": "High",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-009133",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-12037",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2018-009133",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121956",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. Self-Encrypting Drives are prone to a local security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The Micron Crucial MX100, MX200, and MX300 are all silver disk drives from Micron. Samsung T3 and so on are all hard disk drives of South Korea\u0027s Samsung (Samsung) company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12037",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105840",
        "trust": 2.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#395981",
        "trust": 1.9
      },
      {
        "db": "LENOVO",
        "id": "LEN-25256",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU90149383",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-121956",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "id": "VAR-201811-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:17:16.442000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSD Support",
        "trust": 0.8,
        "url": "http://www.crucial.com/usa/en/support-ssd-firmware"
      },
      {
        "title": "BitLocker Group Policy Settings",
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings"
      },
      {
        "title": "Consumer Notice regarding Samsung SSDs",
        "trust": 0.8,
        "url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
      },
      {
        "title": "Micron Crucial MX100 a variety of products and Samsung T3 Various product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97713"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180028"
      },
      {
        "trust": 2.4,
        "url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
      },
      {
        "trust": 2.2,
        "url": "https://support.lenovo.com/us/en/product_security/len-25256"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105840"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
      },
      {
        "trust": 1.6,
        "url": "https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/"
      },
      {
        "trust": 1.6,
        "url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2018-0984+1.00+meerdere+kwetsbaarheden+ontdekt+in+implementaties+self-encrypting+drives.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.ru.nl/publish/pages/909282/draft-paper.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives"
      },
      {
        "trust": 0.8,
        "url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
      },
      {
        "trust": 0.8,
        "url": "https://www.crucial.com/usa/en/support-ssd-firmware/"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd"
      },
      {
        "trust": 0.8,
        "url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12037"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12038"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu90149383/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12037"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12038"
      },
      {
        "trust": 0.8,
        "url": "https://kb.cert.org/vuls/id/395981/"
      },
      {
        "trust": 0.3,
        "url": "http://www.crucial.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.samsung.com/"
      },
      {
        "trust": 0.3,
        "url": "https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www.kb.cert.org/vuls/id/395981/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "date": "2018-11-06T00:00:00",
        "db": "BID",
        "id": "105840"
      },
      {
        "date": "2018-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "date": "2018-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "date": "2018-11-20T19:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#395981"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121956"
      },
      {
        "date": "2018-11-06T00:00:00",
        "db": "BID",
        "id": "105840"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009133"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      },
      {
        "date": "2024-11-21T03:44:28.030000",
        "db": "NVD",
        "id": "CVE-2018-12037"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "105840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Self-encrypting hard drives do not adequately protect data",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#395981"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-169"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-12037

Vulnerability from fkie_nvd

Published

2018-11-20 19:29

Modified

2024-11-21 03:44

Severity ?

4.0 (Medium) - CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/105840	Third Party Advisory, VDB Entry
cve@mitre.org	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028	Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20181112-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105840	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028	Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20181112-0001/	Third Party Advisory

Impacted products

Vendor	Product	Version
samsung	840_evo_firmware	-
samsung	840_evo	-
samsung	850_evo_firmware	-
samsung	850_evo	-
samsung	t3_firmware	-
samsung	t3	-
samsung	t5_firmware	-
samsung	t5	-
micron	crucial_mx100_firmware	-
micron	crucial_mx100	-
micron	crucial_mx200_firmware	-
micron	crucial_mx200	-
micron	crucial_mx300_firmware	-
micron	crucial_mx300	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:840_evo_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CCCBC3E-D0C8-4425-9262-7F158163F2EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:840_evo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32606060-FB21-4E49-8A9E-9A9197F6FAF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:850_evo_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "294728E8-48DD-42E4-AE4B-683F59E9F7B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:850_evo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A7CC49B-C58A-4D9F-98C6-BED4F978CE52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:t3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "080BBC54-1E9D-4D4E-8847-6A32FCC0477C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:t3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7BC29D-D192-424B-BF23-092ACDB1F4AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:t5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "738D6719-CD1D-4F45-B695-5E6E92131057",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:t5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "588B48AC-6A9D-4BBF-B1E3-A112CD455746",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:micron:crucial_mx100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FAA6CCE-F209-460E-BC3A-25DE787BE502",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:micron:crucial_mx100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B865DB0F-A464-43BF-A886-D7242C64FEAC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:micron:crucial_mx200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6718348D-973E-4C28-A612-7A6189A49CD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:micron:crucial_mx200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71860471-8667-4373-9F13-5DF53366B025",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:micron:crucial_mx300_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7783258E-187C-426A-8A3A-9CC80D857F36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:micron:crucial_mx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22E762E-E77A-440F-9E23-A25375DD8E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en dispositivos Samsung 840 EVO y 850 EVO (solo en modo \"ATA high\"; no es vulnerable en los modos \"TCG\" o \"ATA max\"), los discos duros externos Samsung T3 y T5 y los dispositivos Crucial MX100, MX200 y MX300. La falta de un enlace criptogr\u00e1fico entre la contrase\u00f1a y la clave de cifrado del disco permite que los atacantes con acceso privilegiado al firmware SSD tengan acceso total a los datos cifrados."
    }
  ],
  "id": "CVE-2018-12037",
  "lastModified": "2024-11-21T03:44:28.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.4,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-20T19:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105840"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105840"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-12037 (GCVE-0-2018-12037)

Vulnerability from cvelistv5

gsd-2018-12037

Vulnerability from gsd

ghsa-xpvv-pv79-cqf9

Vulnerability from github

var-201811-0024

Vulnerability from variot

fkie_cve-2018-12037

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature