1. Home
  2. CVE Database
  3. CVE-2018-9082
HIGH · 8.8

CVE-2018-9082

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to ...

Vulnerability Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoStorcenter Px12-450R Firmware4.1.402.34662
LenovoStorcenter Px12-450R-
LenovoStorcenter Px12-400R Firmware4.1.402.34662
LenovoStorcenter Px12-400R-
LenovoStorcenter Px4-300R Firmware4.1.402.34662
LenovoStorcenter Px4-300R-
LenovoStorcenter Px6-300D Firmware4.1.402.34662
LenovoStorcenter Px6-300D-
LenovoStorcenter Px4-300D Firmware4.1.402.34662
LenovoStorcenter Px4-300D-
LenovoStorcenter Px2-300D Firmware4.1.402.34662
LenovoStorcenter Px2-300D-
LenovoStorcenter Ix4-300D Firmware4.1.402.34662
LenovoStorcenter Ix4-300D-
LenovoStorcenter Ix2 Firmware4.1.402.34662
LenovoStorcenter Ix2-
LenovoStorcenter Ix2-Dl Firmware4.1.402.34662
LenovoStorcenter Ix2-Dl-
LenovoEz Media \& Backup Center Firmware4.1.402.34662
LenovoEz Media \& Backup Center-

Related Weaknesses (CWE)

CWE-384

References

FAQ

What is CVE-2018-9082?

CVE-2018-9082 is a vulnerability with a CVSS score of 8.8 (HIGH). For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to ...

How severe is CVE-2018-9082?

CVE-2018-9082 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9082?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Storcenter Px12-450R Firmware, Lenovo Storcenter Px12-450R, Lenovo Storcenter Px12-400R Firmware, Lenovo Storcenter Px12-400R, Lenovo Storcenter Px4-300R Firmware.