Sign-up

ID

VAR-201811-0500


CVE

CVE-2018-9071


TITLE

Lenovo Chassis Management Module Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-012362

DESCRIPTION

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. The LenovoChassisManagementModule (CMM) is a hot-swappable LenovoFlexSystem module that can be used to configure and manage all installed LenovoFlexSystem components

Trust: 2.16

sources: NVD: CVE-2018-9071 // JVNDB: JVNDB-2018-012362 // CNVD: CNVD-2019-05532

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05532

AFFECTED PRODUCTS

vendor:lenovomodel:chassis management modulescope:ltversion:2.0.0

Trust: 2.4

sources: CNVD: CNVD-2019-05532 // JVNDB: JVNDB-2018-012362 // NVD: CVE-2018-9071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9071
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9071
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-05532
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-521
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-9071
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-9071
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05532 // JVNDB: JVNDB-2018-012362 // CNNVD: CNNVD-201811-521 // NVD: CVE-2018-9071

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-012362 // NVD: CVE-2018-9071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-521

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-521

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012362

PATCH
title:LEN-23806url:https://support.lenovo.com/jp/ja/solutions/len-23806
Trust: 0.8
title:Patch for LenovoChassisManagementModule(CMM) Information Disclosure Vulnerability (CNVD-2019-05532)url:https://www.cnvd.org.cn/patchInfo/show/154675
Trust: 0.6
title:Lenovo Chassis Management Module Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86916
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05532 // 
            
            
            
            JVNDB: JVNDB-2018-012362 // 
            
            
            
            CNNVD: CNNVD-201811-521

EXTERNAL IDS
db:NVDid:CVE-2018-9071
Trust: 3.0
db:LENOVOid:LEN-23806
Trust: 2.2
db:JVNDBid:JVNDB-2018-012362
Trust: 0.8
db:CNVDid:CNVD-2019-05532
Trust: 0.6
db:CNNVDid:CNNVD-201811-521
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05532 // 
            
            
            
            JVNDB: JVNDB-2018-012362 // 
            
            
            
            CNNVD: CNNVD-201811-521 // 
            
            
            
            NVD: CVE-2018-9071

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-23806
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9071
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9071
Trust: 0.8
url:https://support.lenovo.com/hk/zh/solutions/len-23806
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05532 // 
            
            
            
            JVNDB: JVNDB-2018-012362 // 
            
            
            
            CNNVD: CNNVD-201811-521 // 
            
            
            
            NVD: CVE-2018-9071

SOURCES
db:CNVDid:CNVD-2019-05532
db:JVNDBid:JVNDB-2018-012362
db:CNNVDid:CNNVD-201811-521
db:NVDid:CVE-2018-9071

LAST UPDATE DATE
2024-11-23T22:30:11.374000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-05532date:2019-02-27T00:00:00
db:JVNDBid:JVNDB-2018-012362date:2019-02-01T00:00:00
db:CNNVDid:CNNVD-201811-521date:2018-11-19T00:00:00
db:NVDid:CVE-2018-9071date:2024-11-21T04:14:54.893

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-05532date:2019-02-27T00:00:00
db:JVNDBid:JVNDB-2018-012362date:2019-02-01T00:00:00
db:CNNVDid:CNNVD-201811-521date:2018-11-19T00:00:00
db:NVDid:CVE-2018-9071date:2018-11-16T14:29:00.347