CVE-2018-9082
28.09.2018, 20:29
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's accountEnginsight
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_\&_backup_center_firmware | 4.1.402.34662 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration