1. Home
  2. CVE Database
  3. CVE-2018-9079
CRITICAL · 9.8

CVE-2018-9079

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject...

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoStorcenter Px12-450R Firmware4.1.402.34662
LenovoStorcenter Px12-450R-
LenovoStorcenter Px12-400R Firmware4.1.402.34662
LenovoStorcenter Px12-400R-
LenovoStorcenter Px4-300R Firmware4.1.402.34662
LenovoStorcenter Px4-300R-
LenovoStorcenter Px6-300D Firmware4.1.402.34662
LenovoStorcenter Px6-300D-
LenovoStorcenter Px4-300D Firmware4.1.402.34662
LenovoStorcenter Px4-300D-
LenovoStorcenter Px2-300D Firmware4.1.402.34662
LenovoStorcenter Px2-300D-
LenovoStorcenter Ix4-300D Firmware4.1.402.34662
LenovoStorcenter Ix4-300D-
LenovoStorcenter Ix2 Firmware4.1.402.34662
LenovoStorcenter Ix2-
LenovoStorcenter Ix2-Dl Firmware4.1.402.34662
LenovoStorcenter Ix2-Dl-
LenovoEz Media \& Backup Center Firmware4.1.402.34662
LenovoEz Media \& Backup Center-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2018-9079?

CVE-2018-9079 is a vulnerability with a CVSS score of 9.8 (CRITICAL). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject...

How severe is CVE-2018-9079?

CVE-2018-9079 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-9079?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Storcenter Px12-450R Firmware, Lenovo Storcenter Px12-450R, Lenovo Storcenter Px12-400R Firmware, Lenovo Storcenter Px12-400R, Lenovo Storcenter Px4-300R Firmware.