CVE-2018-9082 (GCVE-0-2018-9082)

Vulnerability from cvelistv5 – Published: 2018-09-28 20:00 – Updated: 2024-08-05 07:17
VLAI?
Summary
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
Severity ?
No CVSS data available.
CWE
  • Password change does not require existing password
Assigner
References
Impacted products
Vendor Product Version
Lenovo Group LTD Iomega StorCenter Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
Create a notification for this product.
    Lenovo Group LTD LenovoEMC Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
Create a notification for this product.
    Lenovo Group LTD EZ Media and Backup Center Affected: 4.1.402.34662 , ≤ 4.1.402.34662 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:17:50.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Iomega StorCenter",
          "vendor": "Lenovo Group LTD",
          "versions": [
            {
              "lessThanOrEqual": "4.1.402.34662",
              "status": "affected",
              "version": "4.1.402.34662",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "LenovoEMC",
          "vendor": "Lenovo Group LTD",
          "versions": [
            {
              "lessThanOrEqual": "4.1.402.34662",
              "status": "affected",
              "version": "4.1.402.34662",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "EZ Media and Backup Center",
          "vendor": "Lenovo Group LTD",
          "versions": [
            {
              "lessThanOrEqual": "4.1.402.34662",
              "status": "affected",
              "version": "4.1.402.34662",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Password change does not require existing password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-28T19:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
        }
      ],
      "source": {
        "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
        "discovery": "UNKNOWN"
      },
      "title": "Iomega and LenovoEMC NAS Web UI Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2018-9082",
          "STATE": "PUBLIC",
          "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Iomega StorCenter",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "4.1.402.34662",
                            "version_value": "4.1.402.34662"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "LenovoEMC",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "4.1.402.34662",
                            "version_value": "4.1.402.34662"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EZ Media and Backup Center",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "4.1.402.34662",
                            "version_value": "4.1.402.34662"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group LTD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Password change does not require existing password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
            }
          ]
        },
        "source": {
          "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2018-9082",
    "datePublished": "2018-09-28T20:00:00",
    "dateReserved": "2018-03-27T00:00:00",
    "dateUpdated": "2024-08-05T07:17:50.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C681D87-390C-4515-876B-56F301C6C2E8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDDD583F-99C1-474D-9D33-CB3FFBF87710\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1552A6C4-D72C-4F4A-959A-A74FB2F9331F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DC36B80-3542-46E8-ABB0-988BF8405336\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74CF0CA3-C011-479E-90DB-1C4D9136778C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C7F667B-CF55-458E-A0DF-2D0BA47FF34E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8750825E-AD9D-43FF-BA19-C1DC360E4050\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57CA96CA-47B7-4C36-B160-49AEAFEC7AE9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30DAD273-0243-4C4B-BA48-98843262D454\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9442509-43F9-43AE-ABB8-A109029CBCB8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67148992-00E9-4F99-8027-6AA0C56D64C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0538AFC3-AF46-4A3D-BDA2-3D2B287C5083\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70A8A885-87E4-47B6-964C-BD6B2CC253C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CF64BC7-7AE0-4822-9F95-325EF6B914CB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73152B06-114D-41CA-B4A4-F430F7A1D818\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E46920A-82FF-4E15-AB22-DFDB6D532DB2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ez_media_\\\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"815AF29A-A455-4452-BEDC-469072A078CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ez_media_\\\\\u0026_backup_center:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B23F2C-23A4-44E1-AD8B-89F3A9E32013\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24151BE4-3D25-4ED6-BD93-117C9AEDEC80\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDEDB98C-CB83-467A-B866-1E26146977BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"068F1733-22CD-4265-8519-54968CBCDA51\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BAE671E-04BF-4BAE-847A-8236FB9EB927\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D8C2AAD-0356-4C4C-B1F2-50736844A809\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7298F84-E758-4AB3-9F0C-6F6B11997E69\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93AECD5C-256C-4F24-8162-14E569CDCED6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83A7AFAE-89F3-4E69-83C4-77361D5DBD2B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E32EDB44-96C0-425C-B192-0AE8C5BC265A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F95A331F-E040-4025-AD3F-C6118204091D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2441B8E2-C356-49C1-BD7B-028C4A83616C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80271F4B-3195-4A9A-A5B7-9CED966AC29C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF9B4663-D9EB-4207-B393-CDF45F020A86\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C110122A-D64C-417F-BC56-0F0B34509062\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5B15B3E-FE90-43C1-9724-1FA19D4F0759\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5C1AB5D-19B0-43F0-9656-3D78ED8047F6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5471D381-CEEB-4351-B78A-41ECA2656A37\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ez_media_\\\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"815AF29A-A455-4452-BEDC-469072A078CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ez_media_\\\\\u0026_backup_center:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B23F2C-23A4-44E1-AD8B-89F3A9E32013\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account\"}, {\"lang\": \"es\", \"value\": \"Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, la funcionalidad de cambio de contrase\\u00f1as disponible para los usuarios autenticados no requiere la contrase\\u00f1a actual del usuario para establecer una nueva. Como resultado, los atacantes con acceso a los tokens de sesi\\u00f3n del usuario pueden cambiar su contrase\\u00f1a y mantener el acceso a la cuenta del usuario.\"}]",
      "id": "CVE-2018-9082",
      "lastModified": "2024-11-21T04:14:56.397",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-09-28T20:29:01.563",
      "references": "[{\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-24224\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-24224\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-384\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-9082\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2018-09-28T20:29:01.563\",\"lastModified\":\"2024-11-21T04:14:56.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user\u0027s current password to set a new one. As a result, attackers with access to the user\u0027s session tokens can change their password and retain access to the user\u0027s account\"},{\"lang\":\"es\",\"value\":\"Para algunos dispositivos NAS Iomega, Lenovo y LenovoEMC en versiones 4.1.402.34662 y anteriores, la funcionalidad de cambio de contrase\u00f1as disponible para los usuarios autenticados no requiere la contrase\u00f1a actual del usuario para establecer una nueva. Como resultado, los atacantes con acceso a los tokens de sesi\u00f3n del usuario pueden cambiar su contrase\u00f1a y mantener el acceso a la cuenta del usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C681D87-390C-4515-876B-56F301C6C2E8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDD583F-99C1-474D-9D33-CB3FFBF87710\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1552A6C4-D72C-4F4A-959A-A74FB2F9331F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC5322D3-C5F9-4E1B-9E92-E4199D4D4E38\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DC36B80-3542-46E8-ABB0-988BF8405336\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CF0CA3-C011-479E-90DB-1C4D9136778C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C7F667B-CF55-458E-A0DF-2D0BA47FF34E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8750825E-AD9D-43FF-BA19-C1DC360E4050\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57CA96CA-47B7-4C36-B160-49AEAFEC7AE9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30DAD273-0243-4C4B-BA48-98843262D454\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9442509-43F9-43AE-ABB8-A109029CBCB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67148992-00E9-4F99-8027-6AA0C56D64C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0538AFC3-AF46-4A3D-BDA2-3D2B287C5083\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70A8A885-87E4-47B6-964C-BD6B2CC253C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D076F4B4-CC3B-4FC4-8E65-D2B656FB8F3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CF64BC7-7AE0-4822-9F95-325EF6B914CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73152B06-114D-41CA-B4A4-F430F7A1D818\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E46920A-82FF-4E15-AB22-DFDB6D532DB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ez_media_\\\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"815AF29A-A455-4452-BEDC-469072A078CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ez_media_\\\\\u0026_backup_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B23F2C-23A4-44E1-AD8B-89F3A9E32013\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24151BE4-3D25-4ED6-BD93-117C9AEDEC80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDEDB98C-CB83-467A-B866-1E26146977BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5FB2FAB-E9C6-48F9-B4B0-5FAF908E9FEF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"068F1733-22CD-4265-8519-54968CBCDA51\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BAE671E-04BF-4BAE-847A-8236FB9EB927\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D8C2AAD-0356-4C4C-B1F2-50736844A809\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7298F84-E758-4AB3-9F0C-6F6B11997E69\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93AECD5C-256C-4F24-8162-14E569CDCED6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83A7AFAE-89F3-4E69-83C4-77361D5DBD2B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32EDB44-96C0-425C-B192-0AE8C5BC265A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95A331F-E040-4025-AD3F-C6118204091D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2441B8E2-C356-49C1-BD7B-028C4A83616C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80271F4B-3195-4A9A-A5B7-9CED966AC29C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF9B4663-D9EB-4207-B393-CDF45F020A86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96FCF0FF-5EF8-4E9E-B22B-ABE34134BF53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C110122A-D64C-417F-BC56-0F0B34509062\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B15B3E-FE90-43C1-9724-1FA19D4F0759\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C1AB5D-19B0-43F0-9656-3D78ED8047F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5471D381-CEEB-4351-B78A-41ECA2656A37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C0F4B2B-B3E1-4456-B57A-7E96BAFC6507\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ez_media_\\\\\u0026_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"815AF29A-A455-4452-BEDC-469072A078CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ez_media_\\\\\u0026_backup_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B23F2C-23A4-44E1-AD8B-89F3A9E32013\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-24224\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-24224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.