CVE-2021-28653

{"id": "CVE-2021-28653", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-03-19T00:15:11.963", "references": [{"url": "https://www.westerndigital.com/support/productsecurity/wdc-21003-armorLock-insecure-key-storage-vulnerability", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.westerndigital.com/support/productsecurity/wdc-21003-armorLock-insecure-key-storage-vulnerability", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware."}, {"lang": "es", "value": "Las aplicaciones iOS y macOS versiones anteriores a 1.4.1 para Western Digital G-Technology ArmorLock NVMe SSD, almacenan claves de forma no segura. Eligen un mecanismo de almacenamiento no preferido si el dispositivo es compatible con Secure Enclave pero carece de hardware de autenticaci\u00f3n biom\u00e9trica"}], "lastModified": "2024-11-21T06:00:02.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:westerndigital:armorlock:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "6510A674-DBD5-4D12-B1E4-9DC90763269A", "versionEndExcluding": "1.4.1"}, {"criteria": "cpe:2.3:a:westerndigital:armorlock:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "619FC584-6206-4ED0-ABF3-2035E729F7BF", "versionEndExcluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}