{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T05:44:18.496","vulnerabilities":[{"cve":{"id":"CVE-2022-28382","sourceIdentifier":"cve@mitre.org","published":"2022-06-08T16:15:07.957","lastModified":"2024-11-21T06:57:15.697","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650."},{"lang":"es","value":"Se ha detectado un problema en determinadas unidades de Verbatim hasta el 31-03-2022. Debido al uso de un modo de encriptación AES no seguro (Electronic Codebook, también se conoce como ECB), un atacante puede ser capaz de extraer información incluso de datos encriptados, por ejemplo, al observar patrones de bytes repetidos. El firmware del controlador de puente USB a SATA INIC-3637EN usa AES-256 con el modo ECB. Este modo de funcionamiento de los cifradores de bloques (por ejemplo, AES) siempre cifra datos de texto plano idénticos, en este caso bloques de 16 bytes, en datos de texto cifrado idénticos. Para algunos datos, por ejemplo las imágenes de mapa de bits, la falta de la propiedad criptográfica llamada difusión, dentro del ECB, puede filtrar información confidencial incluso en los datos cifrados. Por lo tanto, el uso del modo de funcionamiento ECB puede poner en riesgo la confidencialidad de información específica, incluso de forma encriptada. Esto afecta a la unidad Keypad Secure USB versión 3.2 Gen 1, número de pieza 49428, al disco duro portátil Store \"n\" Go Secure GD25LK01-3637-C VER4.0, a la unidad SSD Executive Fingerprint Secure GDMSFE01-INI3637-C VER1.1 y al disco duro portátil Fingerprint Secure, número de pieza 53650"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:verbatim:keypad_secure_usb_3.2_gen_1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2022-03-31","matchCriteriaId":"858C45A8-1BE3-4A2B-8184-D0B208513ACB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:verbatim:keypad_secure_usb_3.2_gen_1:-:*:*:*:*:*:*:*","matchCriteriaId":"CE1F7994-9CF8-45C5-8C57-A2CE56B8730B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:verbatim:store_\\'n\\'_go_secure_portable_hdd_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2022-03-31","matchCriteriaId":"034F8132-9D3B-474F-B6F0-E85FEEB34E5B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:verbatim:store_\\'n\\'_go_secure_portable_hdd:-:*:*:*:*:*:*:*","matchCriteriaId":"59F87C0C-64CC-4E58-9391-8EE9014DCF63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:verbatim:executive_fingerprint_secure_ssd_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2022-03-31","matchCriteriaId":"1108BAFB-599A-475E-AEDA-7ED51D2ADBFE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:verbatim:executive_fingerprint_secure_ssd:-:*:*:*:*:*:*:*","matchCriteriaId":"A6874052-44CE-47F6-A9EC-7FB99369DF33"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:verbatim:fingerprint_secure_portable_hard_drive_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2022-03-31","matchCriteriaId":"E701FD30-CDD2-47C3-B2DD-B50DAF3B4AD6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:verbatim:fingerprint_secure_portable_hard_drive:-:*:*:*:*:*:*:*","matchCriteriaId":"2B7424FA-57F4-4328-8B7C-D8B9A8902EEF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/18","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/22","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/24","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/9","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Oct/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Jun/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2022/Oct/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}