Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
Advisories
Source ID Title
EUVD EUVD EUVD-2018-20676 Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
Fixes

Solution

Update to CMM v 2.0.0 or higher


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2024-08-05T07:17:50.603Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9073

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-11-16T14:29:00.393

Modified: 2024-11-21T04:14:55.127

Link: CVE-2018-9073

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.