Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: April 04, 2019
Statement Date: April 02, 2019
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 11, 2019 Updated: May 21, 2019
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: November 06, 2018
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: November 07, 2018
Affected
Encryption with BitLocker depends on the correct setting of the Group Policy. More information about this Group Policy can be found via the following location (Microsoft URL). Changing the default setting is not sufficient to mitigate the risk because it does not affect the vulnerability in already encrypted data. Only a complete new installation, including removal and reformatting of data, enforces encryption via BitLocker.
For details, please see the vendor's web page.
Notified: May 10, 2019 Updated: May 16, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 16, 2019
Affected
For non-portable SSDs:We recommend installing encryption software(freeware available online)that is compatible with your system. For portable SSDs:We recommend updating the firmware on your device.
For further information please see Consumer Notice regarding Samsung SSDs.
Notified: March 13, 2019 Updated: May 20, 2019
Statement Date: May 07, 2019
Affected
See statement from Western Digital.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: May 20, 2019
Statement Date: May 17, 2019
Not Affected
Self-Encrypting Solid-State Drive Research Study:VU#395981,CVE-2018-12037,CVE-2018-12038 All Seagate Secure™ TCG Enterprise SSC and TCG Opal SSC based SED and FIPS devices across all interfaces(SAS,SATA and NVMe)provide certified mitigations to the threats referenced in the recent research study entitled"Self-encrypting deception:weaknesses in the encryption of solid-state drives(SSDs)"by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands. Specifically,the threats referenced in this study are: Password and DEK not linked Single DEK used for the entire disk Lack of entropy in randomly generated DEKs Wear leveling,power-saving mode(e.g. DEVSLP)General implementation issues(i.e. incorrect crypto usage)JTAG access Vendor diagnostic commands access Arbitrary unsigned code execution,and Same intermediate encryption key for all MEKs These threats are addressed in Seagate Secure SED and FIPS devices which are thoroughly validated by independent labs that certify Seagate Secure products against the FIPS 140 Standard and Common Criteria FDE Encryption Engine profile. Seagate leads the industry with security certifications and transparency as a result of our FIPS 140 and Common Criteria Certificates and corresponding Seagate Secure Security Policies. These certifications provide public visibility to the implemented security policies and assurance that device protection,cryptography and key management are implemented to publicly recognized security standards. Common Criteria Certificate - CCEVS-VR-VID10857-2018 FIPS 140 Certificate Examples -#3316,#3252,#2634(Refer to Seagate website for additional certificates)
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: March 13, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: May 16, 2019
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 13, 2019 Updated: May 20, 2019
Statement Date: May 14, 2019
Affected
A firmware update to address issues related to the protection of data at rest on the SanDisk X600 SED SSD is available. For details on the issues addressed by this update and availability information,please see the bulletin on the Western Digital product security portal at https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x6 00-sata-ssd.
CVE Numbers:CVE-2019-10705,CVE-2019-11686,CVE-2019-10706,CVE-2019-10636