Lucene search

[email protected]NVD:CVE-2018-9082

HistorySep 28, 2018 - 8:29 p.m.

CVE-2018-9082

2018-09-2820:29:01

CWE-384

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user’s current password to set a new one. As a result, attackers with access to the user’s session tokens can change their password and retain access to the user’s account

Affected configurations

NVD

Node

lenovostorcenter_px12-450r_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px12-450rMatch-

Node

lenovostorcenter_px12-400r_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px12-400rMatch-

Node

lenovostorcenter_px4-300r_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px4-300rMatch-

Node

lenovostorcenter_px6-300d_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px6-300dMatch-

Node

lenovostorcenter_px4-300d_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px4-300dMatch-

Node

lenovostorcenter_px2-300d_firmwareMatch4.1.402.34662

AND

lenovostorcenter_px2-300dMatch-

Node

lenovostorcenter_ix4-300d_firmwareMatch4.1.402.34662

AND

lenovostorcenter_ix4-300dMatch-

Node

lenovostorcenter_ix2_firmwareMatch4.1.402.34662

AND

lenovostorcenter_ix2Match-

Node

lenovostorcenter_ix2-dl_firmwareMatch4.1.402.34662

AND

lenovostorcenter_ix2-dlMatch-

Node

lenovoez_media_\&_backup_center_firmwareMatch4.1.402.34662

AND

lenovoez_media_\&_backup_centerMatch-

Node

lenovopx12-450r_firmwareMatch4.1.402.34662

AND

lenovopx12-450rMatch-

Node

lenovopx12-400r_firmwareMatch4.1.402.34662

AND

lenovopx12-400rMatch-

Node

lenovopx4-400r_firmwareMatch4.1.402.34662

AND

lenovopx4-400rMatch-

Node

lenovopx4-300r_firmwareMatch4.1.402.34662

AND

lenovopx4-300rMatch-

Node

lenovopx6-300d_firmwareMatch4.1.402.34662

AND

lenovopx6-300dMatch-

Node

lenovopx4-400d_firmwareMatch4.1.402.34662

AND

lenovopx4-400dMatch-

Node

lenovopx4-300d_firmwareMatch4.1.402.34662

AND

lenovopx4-300dMatch-

Node

lenovopx2-300d_firmwareMatch4.1.402.34662

AND

lenovopx2-300dMatch-

Node

lenovoix4-300d_firmwareMatch4.1.402.34662

AND

lenovoix4-300dMatch-

Node

lenovoix2_firmwareMatch4.1.402.34662

AND

lenovoix2Match-

Node

lenovoez_media_\&_backup_center_firmwareMatch4.1.402.34662

AND

lenovoez_media_\&_backup_centerMatch-

References

support.lenovo.com/us/en/solutions/LEN-24224

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for NVD:CVE-2018-9082

prion1 cvelist1 cve1 threatpost1 lenovo2