CVE-2018-9079 - OpenCVE

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Ez Media \& Backup Center Ez Media \& Backup Center Firmware Ix2 Ix2 Firmware Ix4-300d Ix4-300d Firmware Px12-400r Px12-400r Firmware Px12-450r Px12-450r Firmware Px2-300d Px2-300d Firmware Px4-300d Px4-300d Firmware Px4-300r Px4-300r Firmware Px4-400d Px4-400d Firmware Px4-400r Px4-400r Firmware Px6-300d Px6-300d Firmware Storcenter Ix2 Storcenter Ix2-dl Storcenter Ix2-dl Firmware Storcenter Ix2 Firmware Storcenter Ix4-300d Storcenter Ix4-300d Firmware Storcenter Px12-400r Storcenter Px12-400r Firmware Storcenter Px12-450r Storcenter Px12-450r Firmware Storcenter Px2-300d Storcenter Px2-300d Firmware Storcenter Px4-300d Storcenter Px4-300d Firmware Storcenter Px4-300r Storcenter Px4-300r Firmware Storcenter Px6-300d Storcenter Px6-300d Firmware

Configuration 1 [-]

AND

cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:lenovo:ez_media_\&_backup_center:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:ez_media_\&_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:ez_media_\&_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ez_media_\&_backup_center:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/solutions/LEN-24224

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-09-28T20:00:00

Updated: 2024-08-05T07:17:50.623Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9079

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-28T20:29:01.207

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-9079

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object