Vulnerability Details : CVE-2015-7268
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."
Products affected by CVE-2015-7268
- cpe:2.3:o:samsung:850_pro_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:samsung:pm851_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:seagate:st500lt015_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:seagate:st500lt025_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7268
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7268
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
4.2
|
MEDIUM | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
0.5
|
3.6
|
NIST |
CWE ids for CVE-2015-7268
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7268
-
https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html
Self-encrypting drives are hardly any better than software-based encryption | InfoWorldTechnical Description;Third Party Advisory
-
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
Technical Description;Third Party Advisory
Jump to