CVE-2015-7269
First published: Mon Nov 27 2017(Updated: )
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Seagate ST500LT015 Firmware | ||
| Seagate ST500LT015 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7269?
CVE-2015-7269 has a high severity as it allows attackers to bypass the self-encrypting drive protection.
How do I fix CVE-2015-7269?
To mitigate CVE-2015-7269, users should avoid using the affected Seagate ST500LT015 drives in eDrive mode on vulnerable Lenovo ThinkPad models.
Who is affected by CVE-2015-7269?
CVE-2015-7269 primarily affects users of Seagate ST500LT015 hard disk drives operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21.
What exploit is described in CVE-2015-7269?
CVE-2015-7269 describes an exploit where physically proximate attackers can bypass SED protection through a second SATA connector and alternate power source.
What are the implications of CVE-2015-7269?
The implications of CVE-2015-7269 include potential unauthorized access to encrypted data on affected hard disk drives.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/seagate
- canonical/seagate st500lt015 firmware