ID
VAR-201711-0011
CVE
CVE-2015-7269
TITLE
Seagate ST500LT015 of HDD Vulnerabilities bypassing security functions
Trust: 0.8
DESCRIPTION
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack.". Seagate ST500LT015 Vulnerabilities exist in the hard disk drives that bypass security features.Information may be obtained. LenovoThinkPadW541laptopswithBIOS2.21 is a notebook computer of China Lenovo (Lenovo) that uses BIOS 2.21 version. SeagateST500LT015harddiskdrive is a hard drive made by Seagate, a computer used in the United States. There is a security hole in the SeagateST500LT015harddiskdrive on the Lenovo ThinkPad W541 laptop with BIOS version 2.21. This may aid in further attacks
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | seagate | model: | st500lt015 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | seagate | model: | st500lt015 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | lenovo | model: | st500lt015 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | seagate | model: | st500lt015 | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-254 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.9
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Top Page | url: | https://www.seagate.com/jp/ja/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-7269 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2015-008066 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201711-1080 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-38307 | Trust: 0.6 |
| db: | BID | id: | 102266 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-85230 | Trust: 0.1 |
REFERENCES
| url: | https://www.blackhat.com/docs/eu-15/materials/eu-15-boteanu-bypassing-self-encrypting-drives-sed-in-enterprise-environments-wp.pdf | Trust: 3.4 |
| url: | https://www.infoworld.com/article/3004913/encryption/self-encrypting-drives-are-hardly-any-better-than-software-based-encryption.html | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7269 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2015-7269 | Trust: 0.8 |
| url: | https://www.seagate.com | Trust: 0.3 |
CREDITS
The vendor reported this issue.
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2017-38307 |
| db: | VULHUB | id: | VHN-85230 |
| db: | BID | id: | 102266 |
| db: | JVNDB | id: | JVNDB-2015-008066 |
| db: | CNNVD | id: | CNNVD-201711-1080 |
| db: | NVD | id: | CVE-2015-7269 |
LAST UPDATE DATE
2025-04-20T23:24:51.935000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-38307 | date: | 2017-12-28T00:00:00 |
| db: | VULHUB | id: | VHN-85230 | date: | 2017-12-20T00:00:00 |
| db: | BID | id: | 102266 | date: | 2017-11-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-008066 | date: | 2018-01-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1080 | date: | 2017-11-28T00:00:00 |
| db: | NVD | id: | CVE-2015-7269 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-38307 | date: | 2017-12-28T00:00:00 |
| db: | VULHUB | id: | VHN-85230 | date: | 2017-11-27T00:00:00 |
| db: | BID | id: | 102266 | date: | 2017-11-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-008066 | date: | 2018-01-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201711-1080 | date: | 2017-11-28T00:00:00 |
| db: | NVD | id: | CVE-2015-7269 | date: | 2017-11-27T22:29:00.333 |