CVE-2018-9080
28.09.2018, 20:29
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.Enginsight
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration