PT-2022-18994 · Verbatim · Verbatim Executive Fingerprint Secure SSD +1

Matthias Deeg · Published 2022-06-08 · Updated 2022-06-21 · CVE-2022-28385

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1
Verbatim Fingerprint Secure Portable Hard Drive Part Number #53650

Description

An issue was discovered in certain Verbatim drives due to missing integrity checks, allowing an attacker to manipulate the content of the emulated CD-ROM drive. The content is stored as an ISO-9660 image in the hidden sectors of the USB drive, accessible using special IOCTL commands or when installed in an external disk enclosure. By manipulating this image, an attacker can store malicious software on the emulated CD-ROM drive, which may be executed by an unsuspecting victim. An attacker with temporary physical access could program a modified ISO-9660 image, allowing them to decrypt user data or store other malicious software.

Recommendations

For Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, consider disabling access to the emulated CD-ROM drive until a patch is available. For Verbatim Fingerprint Secure Portable Hard Drive Part Number #53650, restrict access to the hidden sectors of the USB drive to minimize the risk of exploitation. As a temporary workaround, avoid using the device until a fix is provided, to prevent potential execution of malicious software. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

CVE-2022-28385

Affected Products

Verbatim Executive Fingerprint Secure SSD
Verbatim Fingerprint Secure Portable Hard Drive