CVE-2024-42642
Essential information
- Published
- 04/09/2024 20:15
- Modified
- 10/09/2024 13:46
- Author
- —
- Creator
- —
- CVSS
- 6.7 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- LOCAL
- Attack complexity
- LOW
- Privileges required
- HIGH
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller.
NVD status
- Status
- Analyzed — CVE has had analysis completed and all data associations made.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| crucial / mx500 firmware | cpe:2.3:o:crucial:mx500_firmware:m3cr046:*:*:*:*:*:*:* |
| crucial / ct1000mx500ssd1 | cpe:2.3:h:crucial:ct1000mx500ssd1:-:*:*:*:*:*:*:* |
| crucial / ct2000mx500ssd1 | cpe:2.3:h:crucial:ct2000mx500ssd1:-:*:*:*:*:*:*:* |
| crucial / ct250mx500ssd1 | cpe:2.3:h:crucial:ct250mx500ssd1:-:*:*:*:*:*:*:* |
| crucial / ct4000mx500ssd1 | cpe:2.3:h:crucial:ct4000mx500ssd1:-:*:*:*:*:*:*:* |
| crucial / ct500mx500ssd1 | cpe:2.3:h:crucial:ct500mx500ssd1:-:*:*:*:*:*:*:* |