CVE-2018-9080
Iomega and LenovoEMC NAS Web UI Vulnerabilities
Severity Score: 5.9 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
*Credits:
N/A
Timeline
- 2018-03-27 CVE Reserved
- 2018-09-28 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-07 EPSS Updated
CWE
- CWE-287: Improper Authentication
References (1)
URL | Date | SRC
---|---|---
https://support.lenovo.com/us/en/solutions/LEN-24224 | 2019-01-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Lenovo | Storcenter Px12-450r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px12-450r | - | - | Safe
Lenovo | Storcenter Px12-400r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px12-400r | - | - | Safe
Lenovo | Storcenter Px4-300r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px4-300r | - | - | Safe
Lenovo | Storcenter Px6-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px6-300d | - | - | Safe
Lenovo | Storcenter Px4-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px4-300d | - | - | Safe
Lenovo | Storcenter Px2-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Px2-300d | - | - | Safe
Lenovo | Storcenter Ix4-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Ix4-300d | - | - | Safe
Lenovo | Storcenter Ix2 Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Ix2 | - | - | Safe
Lenovo | Storcenter Ix2-dl Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Storcenter Ix2-dl | - | - | Safe
Lenovo | Ez Media & Backup Center Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Ez Media & Backup Center | - | - | Safe
Lenovo | Px12-450r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px12-450r | - | - | Safe
Lenovo | Px12-400r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px12-400r | - | - | Safe
Lenovo | Px4-400r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px4-400r | - | - | Safe
Lenovo | Px4-300r Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px4-300r | - | - | Safe
Lenovo | Px6-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px6-300d | - | - | Safe
Lenovo | Px4-400d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px4-400d | - | - | Safe
Lenovo | Px4-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px4-300d | - | - | Safe
Lenovo | Px2-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Px2-300d | - | - | Safe
Lenovo | Ix4-300d Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Ix4-300d | - | - | Safe
Lenovo | Ix2 Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Ix2 | - | - | Safe
Lenovo | Ez Media & Backup Center Firmware | 4.1.402.34662 | - | Affected | in | Lenovo | Ez Media & Backup Center | - | - | Safe