What is the severity of CVE-2019-10706?

CVE-2019-10706 has been assigned a medium severity rating due to the potential for unauthorized firmware installation using extracted keys.

How do I fix CVE-2019-10706?

To mitigate CVE-2019-10706, updating the firmware to the latest version from Western Digital is essential to close the authentication vulnerability.

What products are affected by CVE-2019-10706?

CVE-2019-10706 affects Western Digital's SanDisk X300, X300s, X400, and X600 SSD devices running specific firmware versions.

What type of vulnerability is CVE-2019-10706?

CVE-2019-10706 is an authentication vulnerability that allows the installation of arbitrary firmware if the HMAC key is compromised.

Is CVE-2019-10706 actively being exploited?

As of now, there are no public reports confirming active exploitation of CVE-2019-10706.

Vulnerability/
CVE-2019-10706

medium

6.3

CWE

522

10/3/2020

4/8/2024

CVE-2019-10706

First published: Tue Mar 10 2020(Updated: )

Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Westerndigital Sandisk X600 Sd9tb8w-128g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tb8w-128g
Westerndigital Sandisk X600 Sd9tb8w-256g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tb8w-256g
Westerndigital Sandisk X600 Sd9tb8w-512g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tb8w-512g
Westerndigital Sandisk X600 Sd9tb8w-1t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tb8w-1t00
Westerndigital Sandisk X600 Sd9tb8w-2t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tb8w-2t00
Westerndigital Sandisk X600 Sd9tn8w-128g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tn8w-128g
Westerndigital Sandisk X600 Sd9tn8w-256g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tn8w-256g
Westerndigital Sandisk X600 Sd9tn8w-512g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tn8w-512g
Westerndigital Sandisk X600 Sd9tn8w-1t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tn8w-1t00
Westerndigital Sandisk X600 Sd9tn8w-2t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9tn8w-2t00
Westerndigital Sandisk X600 Sd9sb8w-128g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sb8w-128g
Westerndigital Sandisk X600 Sd9sb8w-256g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sb8w-256g
Westerndigital Sandisk X600 Sd9sb8w-512g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sb8w-512g
Westerndigital Sandisk X600 Sd9sb8w-1t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sb8w-1t00
Westerndigital Sandisk X600 Sd9sb8w-2t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sb8w-2t00
Westerndigital Sandisk X600 Sd9sn8w-128g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sn8w-128g
Westerndigital Sandisk X600 Sd9sn8w-256g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sn8w-256g
Westerndigital Sandisk X600 Sd9sn8w-512g Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sn8w-512g
Westerndigital Sandisk X600 Sd9sn8w-1t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sn8w-1t00
Westerndigital Sandisk X600 Sd9sn8w-2t00 Firmware	<x6112100
Westerndigital Sandisk X600 Sd9sn8w-2t00
Westerndigital Sandisk X300s Sd7sb3q-064g Firmware
Westerndigital Sandisk X300s Sd7sb3q-064g
Westerndigital Sandisk X300s Sd7sn3q-064g Firmware
Westerndigital Sandisk X300s Sd7sn3q-064g
Westerndigital Sandisk X300s Sd7ub2q-010t Firmware
Westerndigital Sandisk X300s Sd7ub2q-010t
Westerndigital Sandisk X300s Sd7ub2q-512g Firmware
Westerndigital Sandisk X300s Sd7ub2q-512g
Westerndigital Sandisk X300s Sd7ub3q-128g Firmware
Westerndigital Sandisk X300s Sd7ub3q-128g
Westerndigital Sandisk X300s Sd7ub3q-256g Firmware
Westerndigital Sandisk X300s Sd7ub3q-256g
Westerndigital Sandisk X300s Sd7un3q-128g Firmware
Westerndigital Sandisk X300s Sd7un3q-128g
Westerndigital Sandisk X300s Sd7un3q-256g Firmware
Westerndigital Sandisk X300s Sd7un3q-256g
Westerndigital Sandisk X300s Sd7un3q-512g Firmware
Westerndigital Sandisk X300s Sd7un3q-512g
Westerndigital Sandisk X400 Sd8sb8u-128g Firmware
Westerndigital Sandisk X400 Sd8sb8u-128g
Westerndigital Sandisk X400 Sd8sb8u-128g-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-128g-1122
Westerndigital Sandisk X400 Sd8sb8u-1t00 Firmware
Westerndigital Sandisk X400 Sd8sb8u-1t00
Westerndigital Sandisk X400 Sd8sb8u-1t00-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-1t00-1122
Westerndigital Sandisk X400 Sd8sb8u-256g Firmware
Westerndigital Sandisk X400 Sd8sb8u-256g
Westerndigital Sandisk X400 Sd8sb8u-256g-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-256g-1122
Westerndigital Sandisk X400 Sd8sb8u-512g Firmware
Westerndigital Sandisk X400 Sd8sb8u-512g
Westerndigital Sandisk X400 Sd8sb8u-512g-1122 Firmware
Westerndigital Sandisk X400 Sd8sb8u-512g-1122
Westerndigital Sandisk X400 Sd8sn8u-128g Firmware
Westerndigital Sandisk X400 Sd8sn8u-128g
Westerndigital Sandisk X400 Sd8sn8u-128g-1122 Firmware
Westerndigital Sandisk X400 Sd8sn8u-128g-1122
Westerndigital Sandisk X400 Sd8sn8u-1t00 Firmware
Westerndigital Sandisk X400 Sd8sn8u-1t00
Westerndigital Sandisk X400 Sd8sn8u-1t00-1122 Firmware
Westerndigital Sandisk X400 Sd8sn8u-1t00-1122
Westerndigital Sandisk X400 Sd8sn8u-256g Firmware
Westerndigital Sandisk X400 Sd8sn8u-256g
Westerndigital Sandisk X400 Sd8sn8u-256g-1122 Firmware
Westerndigital Sandisk X400 Sd8sn8u-256g-1122
Westerndigital Sandisk X400 Sd8sn8u-512g Firmware
Westerndigital Sandisk X400 Sd8sn8u-512g
Westerndigital Sandisk X400 Sd8sn8u-512g-1122 Firmware
Westerndigital Sandisk X400 Sd8sn8u-512g-1122
Westerndigital Sandisk X400 Sd8tb8u-128g-1122 Firmware
Westerndigital Sandisk X400 Sd8tb8u-128g-1122
Westerndigital Sandisk X400 Sd8tb8u-1t00-1122 Firmware
Westerndigital Sandisk X400 Sd8tb8u-1t00-1122
Westerndigital Sandisk X400 Sd8tb8u-256g-1122 Firmware
Westerndigital Sandisk X400 Sd8tb8u-256g-1122
Westerndigital Sandisk X400 Sd8tb8u-512g-1122 Firmware
Westerndigital Sandisk X400 Sd8tb8u-512g-1122
Westerndigital Sandisk X300 Sd7sb6s-128g Firmware
Westerndigital Sandisk X300 Sd7sb6s-128g
Westerndigital Sandisk X300 Sd7sb6s-256g Firmware
Westerndigital Sandisk X300 Sd7sb6s-256g
Westerndigital Sandisk X300 Sd7sb7s-010t Firmware
Westerndigital Sandisk X300 Sd7sb7s-010t
Westerndigital Sandisk X300 Sd7sb7s-512g Firmware
Westerndigital Sandisk X300 Sd7sb7s-512g
Westerndigital Sandisk X300 Sd7sf6s-128g Firmware
Westerndigital Sandisk X300 Sd7sf6s-128g
Westerndigital Sandisk X300 Sd7sf6s-256g Firmware
Westerndigital Sandisk X300 Sd7sf6s-256g
Westerndigital Sandisk X300 Sd7sf6s-512g Firmware
Westerndigital Sandisk X300 Sd7sf6s-512g
Westerndigital Sandisk X300 Sd7sn6s-128g Firmware
Westerndigital Sandisk X300 Sd7sn6s-128g
Westerndigital Sandisk X300 Sd7sn6s-256g Firmware
Westerndigital Sandisk X300 Sd7sn6s-256g
Westerndigital Sandisk X300 Sd7sn6s-512g Firmware
Westerndigital Sandisk X300 Sd7sn6s-512g

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-10706?
CVE-2019-10706 has been assigned a medium severity rating due to the potential for unauthorized firmware installation using extracted keys.
How do I fix CVE-2019-10706?
To mitigate CVE-2019-10706, updating the firmware to the latest version from Western Digital is essential to close the authentication vulnerability.
What products are affected by CVE-2019-10706?
CVE-2019-10706 affects Western Digital's SanDisk X300, X300s, X400, and X600 SSD devices running specific firmware versions.
What type of vulnerability is CVE-2019-10706?
CVE-2019-10706 is an authentication vulnerability that allows the installation of arbitrary firmware if the HMAC key is compromised.
Is CVE-2019-10706 actively being exploited?
As of now, there are no public reports confirming active exploitation of CVE-2019-10706.

CVE-2019-10706

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-10706?

How do I fix CVE-2019-10706?

What products are affected by CVE-2019-10706?

What type of vulnerability is CVE-2019-10706?

Is CVE-2019-10706 actively being exploited?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-10706?

How do I fix CVE-2019-10706?

What products are affected by CVE-2019-10706?

What type of vulnerability is CVE-2019-10706?

Is CVE-2019-10706 actively being exploited?