CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 0CVE-2019-10705
https://notcve.org/view.php?id=CVE-2019-10705
10 Mar 2020 — Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. Un dispositivo Western Digital SanDisk X600, en determinadas configuraciones, una vulnerabilidad en el mecanismo de control de acceso de la unidad puede permitir a los datos ser descifrados sin conocimiento de las credenciales de autenticación apropiadas. • https://support.wdc.com/cat_products.aspx?ID=6&lang=en • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.3EPSS: 0%CPEs: 118EXPL: 0CVE-2019-10706
https://notcve.org/view.php?id=CVE-2019-10706
10 Mar 2020 — Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: El método de autenticación de la actualización de firmware se basa en un resumen simétrico de HMAC. La clave utilizada para comprobar est... • https://support.wdc.com/cat_products.aspx?ID=6&lang=en • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 118EXPL: 0CVE-2019-11686
https://notcve.org/view.php?id=CVE-2019-11686
10 Mar 2020 — Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. Los dispositivos Western Digital SanDisk X300, X300s, X400 y X600: Una vulnerabilidad en el algoritmo wear-leveling de la unidad puede causar que los parámetros sensibles criptográficamente (como las claves de cifrado de datos) permanezcan en el medio ... • https://support.wdc.com/downloads.aspx?g=907&lang=en • CWE-522: Insufficiently Protected Credentials •