{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-28386", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2022-10-09T00:00:00", "dateReserved": "2022-04-03T00:00:00", "datePublished": "2022-06-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-09T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"}, {"name": "20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Jun/11"}, {"name": "20220610 [SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Jun/20"}, {"url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"}, {"url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"}, {"name": "20221008 [SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Oct/6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verbatim:keypad_secure_usb_3.2_gen_1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "858C45A8-1BE3-4A2B-8184-D0B208513ACB", "versionEndIncluding": "2022-03-31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verbatim:keypad_secure_usb_3.2_gen_1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE1F7994-9CF8-45C5-8C57-A2CE56B8730B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:verbatim:gd25lk01-3637-c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC9E8096-9011-40FD-BB5F-BF9E9A34AFA6", "versionEndIncluding": "2022-03-31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:verbatim:gd25lk01-3637-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "90912F57-42D2-46B0-8D83-64F324263416", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0."}, {"lang": "es", "value": "Se ha detectado un problema en determinadas unidades de Verbatim versiones hasta 31-03-2022. La caracter\u00edstica de seguridad para el bloqueo (por ejemplo, que requiere un reformateo de la unidad despu\u00e9s de 20 intentos fallidos de desbloqueo) no funciona como es especificado. Pueden realizarse m\u00e1s de 20 intentos. Esto afecta a la unidad Keypad Secure USB versi\u00f3n 3.2 Gen 1, n\u00famero de pieza 49428, y al disco duro port\u00e1til Store \"n\" Go Secure GD25LK01-3637-C VER4.0"}], "id": "CVE-2022-28386", "lastModified": "2022-12-06T21:55:29.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-08T17:15:07.717", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/11"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Jun/20"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Oct/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}