CVE-2020-12309

Name: CVE-2020-12309
Creator: NVD / NIST
Published: 2020-11-12T18:15:13.907+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.6/10EPSS 0.33%

Last modified Jun 17, 2026

CVE-2020-12309 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.

Metrics

CVSS 3.1

4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.33%

24.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Intel	Ssd Pro 6000p Firmware	< psf131p
Intel	Ssd Pro 5450s Firmware	< lhf005p
Intel	Ssd E 5100s Firmware	< lhf004e
Intel	Ssd Pro 5400s Firmware	< lbf017p
Intel	Ssd Pro 7600p Firmware	< 005p
Intel	Ssd 760p Firmware	< 005c
Intel	Ssd E 6100p Firmware	< 005e
Intel	Ssd 660p Firmware	< 004c
Intel	Optane Ssd 905p Firmware	< e2010480
Intel	Optane Ssd 900p Firmware	< e2010480
Intel	Ssd Dc P4510 Firmware	< vdv10170
Intel	Ssd Dc P4610 Firmware	< vdv10170
Intel	Ssd Dc P4800x Firmware	< e2010485
Intel	Ssd Dc P4801x Firmware	< e2010485
Intel	Ssd Dc P4101 Firmware	< 008d
Intel	Ssd Pro 5450s Firmware	< lhf0b3p
Intel	Ssd E 5100s Firmware	< lhf0ae3
Intel	Ssd Pro 5400s Firmware	< lsf043p

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00362Vendor Advisory

Timeline

Published: Nov 12, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-12309?

How severe is CVE-2020-12309?

CVE-2020-12309 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.

How do I fix CVE-2020-12309?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-12309?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST