CVE-2018-9079
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, los adversarios pueden manipular URL para modificar el DOM (Document Object Model) de la página. Además, los adversarios pueden inyectar etiquetas de scripts HTML y etiquetas HTML con manejadores JavaScript para ejecutar JavaScript arbitrario con el origen del dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-27 CVE Reserved
- 2018-09-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/solutions/LEN-24224 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Storcenter Px12-450r Firmware Search vendor "Lenovo" for product "Storcenter Px12-450r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px12-450r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px12-450r Search vendor "Lenovo" for product "Storcenter Px12-450r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Px12-400r Firmware Search vendor "Lenovo" for product "Storcenter Px12-400r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px12-400r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px12-400r Search vendor "Lenovo" for product "Storcenter Px12-400r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Px4-300r Firmware Search vendor "Lenovo" for product "Storcenter Px4-300r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px4-300r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px4-300r Search vendor "Lenovo" for product "Storcenter Px4-300r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Px6-300d Firmware Search vendor "Lenovo" for product "Storcenter Px6-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px6-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px6-300d Search vendor "Lenovo" for product "Storcenter Px6-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Px4-300d Firmware Search vendor "Lenovo" for product "Storcenter Px4-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px4-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px4-300d Search vendor "Lenovo" for product "Storcenter Px4-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Px2-300d Firmware Search vendor "Lenovo" for product "Storcenter Px2-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Px2-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Px2-300d Search vendor "Lenovo" for product "Storcenter Px2-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Ix4-300d Firmware Search vendor "Lenovo" for product "Storcenter Ix4-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Ix4-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Ix4-300d Search vendor "Lenovo" for product "Storcenter Ix4-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Ix2 Firmware Search vendor "Lenovo" for product "Storcenter Ix2 Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Ix2 Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Ix2 Search vendor "Lenovo" for product "Storcenter Ix2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Storcenter Ix2-dl Firmware Search vendor "Lenovo" for product "Storcenter Ix2-dl Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Storcenter Ix2-dl Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Storcenter Ix2-dl Search vendor "Lenovo" for product "Storcenter Ix2-dl" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ez Media \& Backup Center Firmware Search vendor "Lenovo" for product "Ez Media \& Backup Center Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Ez Media \& Backup Center Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ez Media \& Backup Center Search vendor "Lenovo" for product "Ez Media \& Backup Center" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px12-450r Firmware Search vendor "Lenovo" for product "Px12-450r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px12-450r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px12-450r Search vendor "Lenovo" for product "Px12-450r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px12-400r Firmware Search vendor "Lenovo" for product "Px12-400r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px12-400r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px12-400r Search vendor "Lenovo" for product "Px12-400r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px4-400r Firmware Search vendor "Lenovo" for product "Px4-400r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px4-400r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px4-400r Search vendor "Lenovo" for product "Px4-400r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px4-300r Firmware Search vendor "Lenovo" for product "Px4-300r Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px4-300r Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px4-300r Search vendor "Lenovo" for product "Px4-300r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px6-300d Firmware Search vendor "Lenovo" for product "Px6-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px6-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px6-300d Search vendor "Lenovo" for product "Px6-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px4-400d Firmware Search vendor "Lenovo" for product "Px4-400d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px4-400d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px4-400d Search vendor "Lenovo" for product "Px4-400d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px4-300d Firmware Search vendor "Lenovo" for product "Px4-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px4-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px4-300d Search vendor "Lenovo" for product "Px4-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Px2-300d Firmware Search vendor "Lenovo" for product "Px2-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Px2-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Px2-300d Search vendor "Lenovo" for product "Px2-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ix4-300d Firmware Search vendor "Lenovo" for product "Ix4-300d Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Ix4-300d Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ix4-300d Search vendor "Lenovo" for product "Ix4-300d" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ix2 Firmware Search vendor "Lenovo" for product "Ix2 Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Ix2 Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ix2 Search vendor "Lenovo" for product "Ix2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ez Media \& Backup Center Firmware Search vendor "Lenovo" for product "Ez Media \& Backup Center Firmware" | 4.1.402.34662 Search vendor "Lenovo" for product "Ez Media \& Backup Center Firmware" and version "4.1.402.34662" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ez Media \& Backup Center Search vendor "Lenovo" for product "Ez Media \& Backup Center" | - | - |
Safe
|