CVE-2019-10706 - Vulnerability Details

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00116.

Key SSVC decision points have not yet been added.

Vendors	Products
Westerndigital Subscribe	Sandisk X300 Sd7sb6s-128g Subscribe Sandisk X300 Sd7sb6s-128g Firmware Subscribe Sandisk X300 Sd7sb6s-256g Subscribe Sandisk X300 Sd7sb6s-256g Firmware Subscribe Sandisk X300 Sd7sb7s-010t Subscribe Sandisk X300 Sd7sb7s-010t Firmware Subscribe Sandisk X300 Sd7sb7s-512g Subscribe Sandisk X300 Sd7sb7s-512g Firmware Subscribe Sandisk X300 Sd7sf6s-128g Subscribe Sandisk X300 Sd7sf6s-128g Firmware Subscribe Sandisk X300 Sd7sf6s-256g Subscribe Sandisk X300 Sd7sf6s-256g Firmware Subscribe Sandisk X300 Sd7sf6s-512g Subscribe Sandisk X300 Sd7sf6s-512g Firmware Subscribe Sandisk X300 Sd7sn6s-128g Subscribe Sandisk X300 Sd7sn6s-128g Firmware Subscribe Sandisk X300 Sd7sn6s-256g Subscribe Sandisk X300 Sd7sn6s-256g Firmware Subscribe Sandisk X300 Sd7sn6s-512g Subscribe Sandisk X300 Sd7sn6s-512g Firmware Subscribe Sandisk X300s Sd7sb3q-064g Subscribe Sandisk X300s Sd7sb3q-064g Firmware Subscribe Sandisk X300s Sd7sn3q-064g Subscribe Sandisk X300s Sd7sn3q-064g Firmware Subscribe Sandisk X300s Sd7ub2q-010t Subscribe Sandisk X300s Sd7ub2q-010t Firmware Subscribe Sandisk X300s Sd7ub2q-512g Subscribe Sandisk X300s Sd7ub2q-512g Firmware Subscribe Sandisk X300s Sd7ub3q-128g Subscribe Sandisk X300s Sd7ub3q-128g Firmware Subscribe Sandisk X300s Sd7ub3q-256g Subscribe Sandisk X300s Sd7ub3q-256g Firmware Subscribe Sandisk X300s Sd7un3q-128g Subscribe Sandisk X300s Sd7un3q-128g Firmware Subscribe Sandisk X300s Sd7un3q-256g Subscribe Sandisk X300s Sd7un3q-256g Firmware Subscribe Sandisk X300s Sd7un3q-512g Subscribe Sandisk X300s Sd7un3q-512g Firmware Subscribe Sandisk X400 Sd8sb8u-128g Subscribe Sandisk X400 Sd8sb8u-128g-1122 Subscribe Sandisk X400 Sd8sb8u-128g-1122 Firmware Subscribe Sandisk X400 Sd8sb8u-128g Firmware Subscribe Sandisk X400 Sd8sb8u-1t00 Subscribe Sandisk X400 Sd8sb8u-1t00-1122 Subscribe Sandisk X400 Sd8sb8u-1t00-1122 Firmware Subscribe Sandisk X400 Sd8sb8u-1t00 Firmware Subscribe Sandisk X400 Sd8sb8u-256g Subscribe Sandisk X400 Sd8sb8u-256g-1122 Subscribe Sandisk X400 Sd8sb8u-256g-1122 Firmware Subscribe Sandisk X400 Sd8sb8u-256g Firmware Subscribe Sandisk X400 Sd8sb8u-512g Subscribe Sandisk X400 Sd8sb8u-512g-1122 Subscribe Sandisk X400 Sd8sb8u-512g-1122 Firmware Subscribe Sandisk X400 Sd8sb8u-512g Firmware Subscribe Sandisk X400 Sd8sn8u-128g Subscribe Sandisk X400 Sd8sn8u-128g-1122 Subscribe Sandisk X400 Sd8sn8u-128g-1122 Firmware Subscribe Sandisk X400 Sd8sn8u-128g Firmware Subscribe Sandisk X400 Sd8sn8u-1t00 Subscribe Sandisk X400 Sd8sn8u-1t00-1122 Subscribe Sandisk X400 Sd8sn8u-1t00-1122 Firmware Subscribe Sandisk X400 Sd8sn8u-1t00 Firmware Subscribe Sandisk X400 Sd8sn8u-256g Subscribe Sandisk X400 Sd8sn8u-256g-1122 Subscribe Sandisk X400 Sd8sn8u-256g-1122 Firmware Subscribe Sandisk X400 Sd8sn8u-256g Firmware Subscribe Sandisk X400 Sd8sn8u-512g Subscribe Sandisk X400 Sd8sn8u-512g-1122 Subscribe Sandisk X400 Sd8sn8u-512g-1122 Firmware Subscribe Sandisk X400 Sd8sn8u-512g Firmware Subscribe Sandisk X400 Sd8tb8u-128g-1122 Subscribe Sandisk X400 Sd8tb8u-128g-1122 Firmware Subscribe Sandisk X400 Sd8tb8u-1t00-1122 Subscribe Sandisk X400 Sd8tb8u-1t00-1122 Firmware Subscribe Sandisk X400 Sd8tb8u-256g-1122 Subscribe Sandisk X400 Sd8tb8u-256g-1122 Firmware Subscribe Sandisk X400 Sd8tb8u-512g-1122 Subscribe Sandisk X400 Sd8tb8u-512g-1122 Firmware Subscribe Sandisk X600 Sd9sb8w-128g Subscribe Sandisk X600 Sd9sb8w-128g Firmware Subscribe Sandisk X600 Sd9sb8w-1t00 Subscribe Sandisk X600 Sd9sb8w-1t00 Firmware Subscribe Sandisk X600 Sd9sb8w-256g Subscribe Sandisk X600 Sd9sb8w-256g Firmware Subscribe Sandisk X600 Sd9sb8w-2t00 Subscribe Sandisk X600 Sd9sb8w-2t00 Firmware Subscribe Sandisk X600 Sd9sb8w-512g Subscribe Sandisk X600 Sd9sb8w-512g Firmware Subscribe Sandisk X600 Sd9sn8w-128g Subscribe Sandisk X600 Sd9sn8w-128g Firmware Subscribe Sandisk X600 Sd9sn8w-1t00 Subscribe Sandisk X600 Sd9sn8w-1t00 Firmware Subscribe Sandisk X600 Sd9sn8w-256g Subscribe Sandisk X600 Sd9sn8w-256g Firmware Subscribe Sandisk X600 Sd9sn8w-2t00 Subscribe Sandisk X600 Sd9sn8w-2t00 Firmware Subscribe Sandisk X600 Sd9sn8w-512g Subscribe Sandisk X600 Sd9sn8w-512g Firmware Subscribe Sandisk X600 Sd9tb8w-128g Subscribe Sandisk X600 Sd9tb8w-128g Firmware Subscribe Sandisk X600 Sd9tb8w-1t00 Subscribe Sandisk X600 Sd9tb8w-1t00 Firmware Subscribe Sandisk X600 Sd9tb8w-256g Subscribe Sandisk X600 Sd9tb8w-256g Firmware Subscribe Sandisk X600 Sd9tb8w-2t00 Subscribe Sandisk X600 Sd9tb8w-2t00 Firmware Subscribe Sandisk X600 Sd9tb8w-512g Subscribe Sandisk X600 Sd9tb8w-512g Firmware Subscribe Sandisk X600 Sd9tn8w-128g Subscribe Sandisk X600 Sd9tn8w-128g Firmware Subscribe Sandisk X600 Sd9tn8w-1t00 Subscribe Sandisk X600 Sd9tn8w-1t00 Firmware Subscribe Sandisk X600 Sd9tn8w-256g Subscribe Sandisk X600 Sd9tn8w-256g Firmware Subscribe Sandisk X600 Sd9tn8w-2t00 Subscribe Sandisk X600 Sd9tn8w-2t00 Firmware Subscribe Sandisk X600 Sd9tn8w-512g Subscribe Sandisk X600 Sd9tn8w-512g Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tb8w-128g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tb8w-128g:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tb8w-256g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tb8w-256g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tb8w-512g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tb8w-512g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tb8w-1t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tb8w-1t00:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tb8w-2t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tb8w-2t00:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tn8w-128g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tn8w-128g:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tn8w-256g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tn8w-256g:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tn8w-512g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tn8w-512g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tn8w-1t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tn8w-1t00:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9tn8w-2t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9tn8w-2t00:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sb8w-128g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sb8w-128g:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sb8w-256g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sb8w-256g:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sb8w-512g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sb8w-512g:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sb8w-1t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sb8w-1t00:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sb8w-2t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sb8w-2t00:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sn8w-128g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sn8w-128g:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sn8w-256g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sn8w-256g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sn8w-512g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sn8w-512g:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sn8w-1t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sn8w-1t00:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x600_sd9sn8w-2t00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x600_sd9sn8w-2t00:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7sb3q-064g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7sb3q-064g:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7sn3q-064g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7sn3q-064g:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7ub2q-010t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7ub2q-010t:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7ub2q-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7ub2q-512g:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7ub3q-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7ub3q-128g:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7ub3q-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7ub3q-256g:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7un3q-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7un3q-128g:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7un3q-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7un3q-256g:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300s_sd7un3q-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300s_sd7un3q-512g:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-128g:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-128g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-128g-1122:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-1t00_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-1t00:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-1t00-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-1t00-1122:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-256g:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-256g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-256g-1122:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-512g:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sb8u-512g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sb8u-512g-1122:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-128g:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-128g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-128g-1122:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-1t00_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-1t00:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-1t00-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-1t00-1122:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-256g:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-256g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-256g-1122:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-512g:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8sn8u-512g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8sn8u-512g-1122:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8tb8u-128g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8tb8u-128g-1122:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8tb8u-1t00-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8tb8u-1t00-1122:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8tb8u-256g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8tb8u-256g-1122:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x400_sd8tb8u-512g-1122_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x400_sd8tb8u-512g-1122:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sb6s-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sb6s-128g:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sb6s-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sb6s-256g:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sb7s-010t_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sb7s-010t:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sb7s-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sb7s-512g:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sf6s-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sf6s-128g:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sf6s-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sf6s-256g:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sf6s-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sf6s-512g:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sn6s-128g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sn6s-128g:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sn6s-256g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sn6s-256g:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:westerndigital:sandisk_x300_sd7sn6s-512g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_x300_sd7sn6s-512g:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-2500	Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.wdc.com/cat_products.aspx?ID=6&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd
https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x400-sata-ssd

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-10T12:45:10

Updated: 2024-08-04T22:32:01.181Z

Reserved: 2019-04-02T00:00:00

Link: CVE-2019-10706

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-10T13:15:12.500

Modified: 2024-11-21T04:19:46.387

Link: CVE-2019-10706

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-522

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object