Sign-up

ID

VAR-201811-0024


CVE

CVE-2018-12037


TITLE

Self-encrypting hard drives do not adequately protect data

Trust: 0.8

sources: CERT/CC: VU#395981

DESCRIPTION

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. Self-Encrypting Drives are prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The Micron Crucial MX100, MX200, and MX300 are all silver disk drives from Micron. Samsung T3 and so on are all hard disk drives of South Korea's Samsung (Samsung) company

Trust: 2.7

sources: NVD: CVE-2018-12037 // CERT/CC: VU#395981 // JVNDB: JVNDB-2018-009133 // BID: 105840 // VULHUB: VHN-121956

AFFECTED PRODUCTS

vendor:micronmodel:crucial mx300scope:eqversion: -

Trust: 1.6

vendor:micronmodel:crucial mx200scope:eqversion: -

Trust: 1.6

vendor:micronmodel:crucial mx100scope:eqversion: -

Trust: 1.6

vendor:samsungmodel:840 evoscope:eqversion: -

Trust: 1.0

vendor:samsungmodel:t5scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:t3scope:eqversion: -

Trust: 1.0

vendor:samsungmodel:850 evoscope:eqversion: -

Trust: 1.0

vendor:lenovomodel: - scope: - version: -

Trust: 0.8

vendor:micronmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:samsung semiconductormodel: - scope: - version: -

Trust: 0.8

vendor:sandiskmodel: - scope: - version: -

Trust: 0.8

vendor:western digitalmodel: - scope: - version: -

Trust: 0.8

vendor:micronmodel:crucial mx100 drivescope:eqversion:(cve-2018-12037)

Trust: 0.8

vendor:micronmodel:crucial mx200 drivescope:eqversion:(cve-2018-12037)

Trust: 0.8

vendor:micronmodel:crucial mx300 drivescope:eqversion:(cve-2018-12037)

Trust: 0.8

vendor:samsungmodel:840 evo drivescope:eqversion:(cve-2018-12037)(cve-2018-12038)

Trust: 0.8

vendor:samsungmodel:850 evo drivescope:eqversion:(ata high it is affected in the case of mode. tcg mode or ata max the mode is not affected. )(cve-2018-12037)

Trust: 0.8

vendor:samsungmodel:portable drivescope:eqversion:t3 (cve-2018-12037)

Trust: 0.8

vendor:samsungmodel:portable drivescope:eqversion:t5 (cve-2018-12037)

Trust: 0.8

vendor:samsungmodel:t5 portable drivesscope:eqversion:0

Trust: 0.3

vendor:samsungmodel:t3 portable drivesscope:eqversion:0

Trust: 0.3

vendor:samsungmodel:evo drivescope:eqversion:8500

Trust: 0.3

vendor:samsungmodel:evo drivesscope:eqversion:8400

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:20190

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:20160

Trust: 0.3

vendor:microsoftmodel:windows server r2scope:eqversion:20120

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:20120

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:18030

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:17090

Trust: 0.3

vendor:microsoftmodel:windows rtscope:eqversion:8.1

Trust: 0.3

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:8.10

Trust: 0.3

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:8.10

Trust: 0.3

vendor:microsoftmodel:windows version for x64-based systemsscope:eqversion:1018090

Trust: 0.3

vendor:microsoftmodel:windows version for arm64-based systemsscope:eqversion:1018090

Trust: 0.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1018090

Trust: 0.3

vendor:microsoftmodel:windows version for x64-based systemsscope:eqversion:1018030

Trust: 0.3

vendor:microsoftmodel:windows version for arm64-based systemsscope:eqversion:1018030

Trust: 0.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1018030

Trust: 0.3

vendor:microsoftmodel:windows version for x64-based systemsscope:eqversion:1017090

Trust: 0.3

vendor:microsoftmodel:windows version for arm64-based systemsscope:eqversion:1017090

Trust: 0.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1017090

Trust: 0.3

vendor:microsoftmodel:windows version for x64-based systemsscope:eqversion:1017030

Trust: 0.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1017030

Trust: 0.3

vendor:microsoftmodel:windows version for x64-based systemsscope:eqversion:1016070

Trust: 0.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1016070

Trust: 0.3

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:100

Trust: 0.3

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:100

Trust: 0.3

vendor:micronmodel:mx300 drivescope:eqversion:0

Trust: 0.3

vendor:micronmodel:mx200 drivescope:eqversion:0

Trust: 0.3

vendor:micronmodel:mx100 drivescope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#395981 // BID: 105840 // JVNDB: JVNDB-2018-009133 // CNNVD: CNNVD-201811-169 // NVD: CVE-2018-12037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12037
value: MEDIUM

Trust: 1.0

JPCERT/CC: JVNDB-2018-009133
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-169
value: MEDIUM

Trust: 0.6

VULHUB: VHN-121956
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12037
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2018-009133
severity: MEDIUM
baseScore: 6.3
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-121956
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12037
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.4
impactScore: 3.6
version: 3.0

Trust: 1.0

JPCERT/CC: JVNDB-2018-009133
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-121956 // JVNDB: JVNDB-2018-009133 // CNNVD: CNNVD-201811-169 // NVD: CVE-2018-12037

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-310

Trust: 0.1

sources: VULHUB: VHN-121956 // NVD: CVE-2018-12037

THREAT TYPE

local

Trust: 0.9

sources: BID: 105840 // CNNVD: CNNVD-201811-169

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-169

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009133

PATCH
title:SSD Supporturl:http://www.crucial.com/usa/en/support-ssd-firmware
Trust: 0.8
title:BitLocker Group Policy Settingsurl:https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings
Trust: 0.8
title:Consumer Notice regarding Samsung SSDsurl:https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/
Trust: 0.8
title:Micron Crucial MX100 a variety of products and Samsung T3 Various product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97713
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009133 // 
            
            
            
            CNNVD: CNNVD-201811-169

EXTERNAL IDS
db:NVDid:CVE-2018-12037
Trust: 2.8
db:BIDid:105840
Trust: 2.0
db:CERT/CCid:VU#395981
Trust: 1.9
db:LENOVOid:LEN-25256
Trust: 1.4
db:JVNid:JVNVU90149383
Trust: 0.8
db:JVNDBid:JVNDB-2018-009133
Trust: 0.8
db:CNNVDid:CNNVD-201811-169
Trust: 0.7
db:VULHUBid:VHN-121956
Trust: 0.1
sources:
            
            
            CERT/CC: VU#395981 // 
            
            
            
            VULHUB: VHN-121956 // 
            
            
            
            BID: 105840 // 
            
            
            
            JVNDB: JVNDB-2018-009133 // 
            
            
            
            CNNVD: CNNVD-201811-169 // 
            
            
            
            NVD: CVE-2018-12037

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180028
Trust: 2.8
url:https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd
Trust: 2.4
url:https://support.lenovo.com/us/en/product_security/len-25256
Trust: 2.2
url:http://www.securityfocus.com/bid/105840
Trust: 1.7
url:https://security.netapp.com/advisory/ntap-20181112-0001/
Trust: 1.7
url:https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Trust: 1.6
url:https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2018-0984+1.00+meerdere+kwetsbaarheden+ontdekt+in+implementaties+self-encrypting+drives.html
Trust: 1.6
url:https://www.ru.nl/publish/pages/909282/draft-paper.pdf
Trust: 0.8
url:https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives
Trust: 0.8
url:https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/
Trust: 0.8
url:https://www.crucial.com/usa/en/support-ssd-firmware/
Trust: 0.8
url:https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd
Trust: 0.8
url:https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd
Trust: 0.8
url:https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12037
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12038
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90149383/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12037
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12038
Trust: 0.8
url:https://kb.cert.org/vuls/id/395981/
Trust: 0.8
url:http://www.crucial.com
Trust: 0.3
url:http://www.microsoft.com
Trust: 0.3
url:http://www.samsung.com/
Trust: 0.3
url:https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf
Trust: 0.3
url:https://www.kb.cert.org/vuls/id/395981/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#395981 // 
            
            
            
            VULHUB: VHN-121956 // 
            
            
            
            BID: 105840 // 
            
            
            
            JVNDB: JVNDB-2018-009133 // 
            
            
            
            CNNVD: CNNVD-201811-169 // 
            
            
            
            NVD: CVE-2018-12037

CREDITS
Carlo Meijer and Bernard van Gastel from the Dutch Radboud University
Trust: 0.3
sources:
            
            
            BID: 105840

SOURCES
db:CERT/CCid:VU#395981
db:VULHUBid:VHN-121956
db:BIDid:105840
db:JVNDBid:JVNDB-2018-009133
db:CNNVDid:CNNVD-201811-169
db:NVDid:CVE-2018-12037

LAST UPDATE DATE
2024-08-14T14:19:03.453000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#395981date:2019-11-14T00:00:00
db:VULHUBid:VHN-121956date:2019-10-03T00:00:00
db:BIDid:105840date:2018-11-06T00:00:00
db:JVNDBid:JVNDB-2018-009133date:2019-08-06T00:00:00
db:CNNVDid:CNNVD-201811-169date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12037date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CERT/CCid:VU#395981date:2018-11-06T00:00:00
db:VULHUBid:VHN-121956date:2018-11-20T00:00:00
db:BIDid:105840date:2018-11-06T00:00:00
db:JVNDBid:JVNDB-2018-009133date:2018-11-08T00:00:00
db:CNNVDid:CNNVD-201811-169date:2018-11-08T00:00:00
db:NVDid:CVE-2018-12037date:2018-11-20T19:29:00.247