CVE-2022-28387
CVE-2022-28387 is a medium-severity vulnerability in Verbatim Executive Fingerprint Secure Ssd Firmware with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 4.6)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (38th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Verbatim Executive Fingerprint Secure Ssd Firmware
- Published:
- Last modified:
Description
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
Frequently asked questions
- What is CVE-2022-28387?
- An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
- How severe is CVE-2022-28387?
- CVE-2022-28387 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2022-28387 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (38th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-28387?
- CVE-2022-28387 primarily affects Verbatim Executive Fingerprint Secure Ssd Firmware. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-28387?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-28387 published?
- CVE-2022-28387 was published on 2022-06-08 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
- http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
- http://seclists.org/fulldisclosure/2022/Jun/13
- http://seclists.org/fulldisclosure/2022/Jun/21
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt
Affected products (2)
- cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Verbatim Executive Fingerprint Secure Ssd Firmware
- CVE-2022-28382 — High (CVSS 7.5): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES…
- CVE-2022-28383 — Medium (CVSS 6.8): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an…
- CVE-2022-28385 — Medium (CVSS 4.6): An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can…
All CVEs affecting Verbatim Executive Fingerprint Secure Ssd Firmware →