1. Home
  2. CVE Database
  3. CVE-2018-9080
MEDIUM · 5.9

CVE-2018-9080

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide...

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
LenovoStorcenter Px12-450R Firmware4.1.402.34662
LenovoStorcenter Px12-450R-
LenovoStorcenter Px12-400R Firmware4.1.402.34662
LenovoStorcenter Px12-400R-
LenovoStorcenter Px4-300R Firmware4.1.402.34662
LenovoStorcenter Px4-300R-
LenovoStorcenter Px6-300D Firmware4.1.402.34662
LenovoStorcenter Px6-300D-
LenovoStorcenter Px4-300D Firmware4.1.402.34662
LenovoStorcenter Px4-300D-
LenovoStorcenter Px2-300D Firmware4.1.402.34662
LenovoStorcenter Px2-300D-
LenovoStorcenter Ix4-300D Firmware4.1.402.34662
LenovoStorcenter Ix4-300D-
LenovoStorcenter Ix2 Firmware4.1.402.34662
LenovoStorcenter Ix2-
LenovoStorcenter Ix2-Dl Firmware4.1.402.34662
LenovoStorcenter Ix2-Dl-
LenovoEz Media \& Backup Center Firmware4.1.402.34662
LenovoEz Media \& Backup Center-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2018-9080?

CVE-2018-9080 is a vulnerability with a CVSS score of 5.9 (MEDIUM). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide...

How severe is CVE-2018-9080?

CVE-2018-9080 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9080?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Storcenter Px12-450R Firmware, Lenovo Storcenter Px12-450R, Lenovo Storcenter Px12-400R Firmware, Lenovo Storcenter Px12-400R, Lenovo Storcenter Px4-300R Firmware.