ASA-2019-00428 – Intel SSD DC S4500 Series: Improper authentication in firmware

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00428

Identifier(s)

ASA-2019-00428, CVE-2018-18095, INTEL-SA-00267

Title

Improper authentication in firmware

Vendor(s)

Intel

Product(s)

Intel® SSD DC S4500 Series
Intel® SSD DC S4600 Series

Affected version(s)

Intel® SSD DC S4500 Series firmware versions before SCV10150
Intel® SSD DC S4600 Series firmware versions before SCV10150

Fixed version(s)

Intel® SSD DC S4500 Series firmware version SCV10150 or later
Intel® SSD DC S4600 Series firmware version SCV10150 or later

Proof of concept

Unknown

Description

Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series versions before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.

Technical details

Unknown

Credits

Intel

Reference(s)

Intel® SSD DC S4500/S4600 Series Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html

Download Intel® SSD Data Center Tool (Intel® SSD DCT)
https://downloadcenter.intel.com/download/28639/Intel-SSD-Data-Center-Tool-Intel-SSD-DCT-?product=83425

CVE-2018-18095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18095

CVE-2018-18095
https://nvd.nist.gov/vuln/detail/CVE-2018-18095

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 16, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.