CVE-2019-10705

moderate-risk
Published 2020-03-10

Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials.

Do I need to act?

-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Sandisk X600 Sd9Tb8W-128G Firmware
Sandisk X600 Sd9Tb8W-256G Firmware
Sandisk X600 Sd9Tb8W-512G Firmware
Sandisk X600 Sd9Tb8W-1T00 Firmware
Sandisk X600 Sd9Tb8W-2T00 Firmware
Sandisk X600 Sd9Tn8W-128G Firmware
Sandisk X600 Sd9Tn8W-256G Firmware
Sandisk X600 Sd9Tn8W-512G Firmware
Sandisk X600 Sd9Tn8W-1T00 Firmware
Sandisk X600 Sd9Tn8W-2T00 Firmware
Sandisk X600 Sd9Sb8W-128G Firmware
Sandisk X600 Sd9Sb8W-256G Firmware
Sandisk X600 Sd9Sb8W-512G Firmware
Sandisk X600 Sd9Sb8W-1T00 Firmware
Sandisk X600 Sd9Sb8W-2T00 Firmware
Sandisk X600 Sd9Sn8W-128G Firmware
Sandisk X600 Sd9Sn8W-256G Firmware
Sandisk X600 Sd9Sn8W-512G Firmware
Sandisk X600 Sd9Sn8W-1T00 Firmware
Sandisk X600 Sd9Sn8W-2T00 Firmware

Affected Vendors

Westerndigital

References (6)

Product https://support.wdc.com/cat_products.aspx?ID=6&lang=en
Vendor Advisory https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sa...
Not Applicable https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x4...
Product https://support.wdc.com/cat_products.aspx?ID=6&lang=en
Vendor Advisory https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sa...
Not Applicable https://www.westerndigital.com/support/productsecurity/wdc-19007-sandisk-x300-x4...
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate