CVE-2015-7267

Published: Nov 27, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2015-7198 Aliases: GSD-2015-7267
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,2
Source: [email protected]
Attack Vector: physical
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 1,9
Source: [email protected]
Access Vector: local
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a 'Hot Plug attack.'

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0006
Percentile
0,2th
Updated

EPSS Score Trend (Last 91 Days)

Operating System

St500Lt015 Firmware by Seagate

Product Information
Vendor Seagate
Product St500Lt015 Firmware
Version -
cpe:2.3:o:seagate:st500lt015_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

St500Lt025 Firmware by Seagate

Product Information
Vendor Seagate
Product St500Lt025 Firmware
Version -
cpe:2.3:o:seagate:st500lt025_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

850 Pro Firmware by Samsung

Product Information
Vendor Samsung
Product 850 Pro Firmware
Version -
cpe:2.3:o:samsung:850_pro_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Pm851 Firmware by Samsung

Product Information
Vendor Samsung
Product Pm851 Firmware
Version -
cpe:2.3:o:samsung:pm851_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu…
Technical Description Third Party Advisory
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encr…
https://www.infoworld.com/article/3004913/encryption/self-e…
Technical Description Third Party Advisory
https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are…
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu…
Technical Description Third Party Advisory
https://www.blackhat.com/docs/eu-15/materials/eu-15-Boteanu-Bypassing-Self-Encr…
https://www.infoworld.com/article/3004913/encryption/self-e…
Technical Description Third Party Advisory
https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are…