CVE-2022-28385
CVE-2022-28385 is a medium-severity vulnerability in Verbatim Executive Fingerprint Secure Ssd Firmware with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-345.
Key facts
- Severity: Medium (CVSS 3.x base score 4.6)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (23rd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-345
- Affected product: Verbatim Executive Fingerprint Secure Ssd Firmware
- Published:
- Last modified:
Description
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
Frequently asked questions
- What is CVE-2022-28385?
- An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
- How severe is CVE-2022-28385?
- CVE-2022-28385 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2022-28385 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (23rd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-28385?
- CVE-2022-28385 primarily affects Verbatim Executive Fingerprint Secure Ssd Firmware. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-28385?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-28385 published?
- CVE-2022-28385 was published on 2022-06-08 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/167536/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Insufficient-Verification.html
- http://packetstormsecurity.com/files/167546/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Insufficient-Verification.html
- http://seclists.org/fulldisclosure/2022/Jun/23
- http://seclists.org/fulldisclosure/2022/Jun/26
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-013.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-017.txt
Affected products (2)
- cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Verbatim Executive Fingerprint Secure Ssd Firmware
- CVE-2022-28382 — High (CVSS 7.5): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES…
- CVE-2022-28383 — Medium (CVSS 6.8): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an…
- CVE-2022-28387 — Medium (CVSS 4.6): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked…
All CVEs affecting Verbatim Executive Fingerprint Secure Ssd Firmware →
Other CWE-345 (Insufficient Verification of Data Authenticity) vulnerabilities
- CVE-2026-35051 — Critical (CVSS 10.0): Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an…
- CVE-2014-8165 — Critical (CVSS 10.0): scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote…
- CVE-2026-50195 — Critical (CVSS 9.9): containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the…
- CVE-2022-36130 — Critical (CVSS 9.9): HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated…
- CVE-2026-50214 — Critical (CVSS 9.8): The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing…
- CVE-2025-15385 — Critical (CVSS 9.8): Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows…
Browse all CWE-345 (Insufficient Verification of Data Authenticity) vulnerabilities →