Sign-up

ID

VAR-201906-1092


CVE

CVE-2019-10637


TITLE

plural Marvell SSD Controller Vulnerabilities related to security functions in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005174

DESCRIPTION

plural Marvell SSD Controller The device contains vulnerabilities related to security functions.Information may be tampered with. Marvell SSD Controller 88SS1074 is a solid-state hard drive controller from Marvell. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products. The following products and versions are affected: Marvell SSD Controller 88SS1074 ; 88SS1079 ; 88SS1080 ; 88SS1093 ; 88SS1092 ; 88SS1095 ; 88SS9174 ; 88SS9175 ; 88SS9187 ; 88SS9188 ; 88SS9189 ; 88SS9190 ; 88SS1085 ; 88SS1087 ; 88SS1090 ; 88SS1100 ; 88SS1084 ; 88SS1088 ; 88SS1098

Trust: 0.81

sources: JVNDB: JVNDB-2019-005174 // VULHUB: VHN-142203

AFFECTED PRODUCTS

vendor:marvellmodel:88ss1080scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1087scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1085scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1100scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1092scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9188scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9174scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9175scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1074scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9189scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1098scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1095scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1088scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1093scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1090scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1079scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1084scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9187scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss9190scope:eqversion: -

Trust: 1.0

vendor:marvellmodel:88ss1074scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss1079scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss1080scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss1092scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss1093scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss1095scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss9174scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss9175scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss9187scope: - version: -

Trust: 0.8

vendor:marvellmodel:88ss9188scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-005174 // NVD: CVE-2019-10637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10637
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-10637
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142203
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-10637
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142203
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10637
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142203 // JVNDB: JVNDB-2019-005174 // CNNVD: CNNVD-201906-216 // NVD: CVE-2019-10637

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-142203 // JVNDB: JVNDB-2019-005174 // NVD: CVE-2019-10637

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005174

PATCH
title:Security Advisoryurl:https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005174

EXTERNAL IDS
db:NVDid:CVE-2019-10637
Trust: 2.5
db:JVNDBid:JVNDB-2019-005174
Trust: 0.8
db:CNNVDid:CNNVD-201906-216
Trust: 0.7
db:VULHUBid:VHN-142203
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142203 // 
            
            
            
            JVNDB: JVNDB-2019-005174 // 
            
            
            
            CNNVD: CNNVD-201906-216 // 
            
            
            
            NVD: CVE-2019-10637

REFERENCES
url:https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-10637
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10637
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142203 // 
            
            
            
            JVNDB: JVNDB-2019-005174 // 
            
            
            
            CNNVD: CNNVD-201906-216 // 
            
            
            
            NVD: CVE-2019-10637

SOURCES
db:VULHUBid:VHN-142203
db:JVNDBid:JVNDB-2019-005174
db:CNNVDid:CNNVD-201906-216
db:NVDid:CVE-2019-10637

LAST UPDATE DATE
2024-11-23T23:11:47.616000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142203date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-005174date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201906-216date:2020-08-25T00:00:00
db:NVDid:CVE-2019-10637date:2024-11-21T04:19:38.470

SOURCES RELEASE DATE
db:VULHUBid:VHN-142203date:2019-06-05T00:00:00
db:JVNDBid:JVNDB-2019-005174date:2019-06-17T00:00:00
db:CNNVDid:CNNVD-201906-216date:2019-06-05T00:00:00
db:NVDid:CVE-2019-10637date:2019-06-05T16:29:00.243