CVE-2019-11686
MEDIUMWestern Digital SanDisk - Info Disclosure
Title source: llmDescription
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure.
Scores
CVSS v3
5.5
EPSS
0.0010
EPSS Percentile
27.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (50)
westerndigital/sandisk_x600_sd9tb8w-128g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tb8w-256g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tb8w-512g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tb8w-1t00_firmware
< x6112100
westerndigital/sandisk_x600_sd9tb8w-2t00_firmware
< x6112100
westerndigital/sandisk_x600_sd9tn8w-128g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tn8w-256g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tn8w-512g_firmware
< x6112100
westerndigital/sandisk_x600_sd9tn8w-1t00_firmware
< x6112100
westerndigital/sandisk_x600_sd9tn8w-2t00_firmware
< x6112100
westerndigital/sandisk_x600_sd9sb8w-128g_firmware
< x6112100
westerndigital/sandisk_x600_sd9sb8w-256g_firmware
< x6112100
westerndigital/sandisk_x600_sd9sb8w-512g_firmware
< x6112100
westerndigital/sandisk_x600_sd9sb8w-1t00_firmware
< x6112100
westerndigital/sandisk_x600_sd9sb8w-2t00_firmware
< x6112100
... and 35 more
Timeline
Published
Mar 10, 2020
Tracked Since
Feb 18, 2026