Sign-up

ID

VAR-202409-0304


CVE

CVE-2024-42642


TITLE

crucial  of  mx500  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-007765

DESCRIPTION

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. crucial of mx500 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 2.16

sources: NVD: CVE-2024-42642 // JVNDB: JVNDB-2024-007765 // CNVD: CNVD-2024-38570

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-38570

AFFECTED PRODUCTS

vendor:crucialmodel:mx500scope:eqversion:m3cr046

Trust: 1.0

vendor:crucialmodel:mx500scope:eqversion:mx500 firmware m3cr046

Trust: 0.8

vendor:crucialmodel:mx500scope: - version: -

Trust: 0.8

vendor:crucialmodel:mx500scope:eqversion: -

Trust: 0.8

vendor:micronmodel:crucial mx500 series solid state drives m3cr046scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-38570 // JVNDB: JVNDB-2024-007765 // NVD: CVE-2024-42642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-42642
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42642
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-42642
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-38570
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-38570
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-42642
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42642
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-42642
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-38570 // JVNDB: JVNDB-2024-007765 // NVD: CVE-2024-42642 // NVD: CVE-2024-42642

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007765 // NVD: CVE-2024-42642

EXTERNAL IDS

db:NVDid:CVE-2024-42642

Trust: 3.2

db:JVNDBid:JVNDB-2024-007765

Trust: 0.8

db:CNVDid:CNVD-2024-38570

Trust: 0.6

sources: CNVD: CNVD-2024-38570 // JVNDB: JVNDB-2024-007765 // NVD: CVE-2024-42642

REFERENCES

url:https://github.com/vl4dr/cve-2024-42642/tree/main

Trust: 2.4

url:http://microncrucial.com

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-42642

Trust: 0.8

sources: CNVD: CNVD-2024-38570 // JVNDB: JVNDB-2024-007765 // NVD: CVE-2024-42642

SOURCES

db:CNVDid:CNVD-2024-38570
db:JVNDBid:JVNDB-2024-007765
db:NVDid:CVE-2024-42642

LAST UPDATE DATE

2024-10-25T23:18:00.426000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-38570date:2024-09-19T00:00:00
db:JVNDBid:JVNDB-2024-007765date:2024-09-11T03:21:00
db:NVDid:CVE-2024-42642date:2024-10-24T17:35:08.450

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-38570date:2024-09-19T00:00:00
db:JVNDBid:JVNDB-2024-007765date:2024-09-11T00:00:00
db:NVDid:CVE-2024-42642date:2024-09-04T20:15:07.007