CVE-2018-9073

Severity CVSS v4.0:
Pending analysis
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
16/11/2018
Last modified:
20/12/2018

Description

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:lenovo:chassis_management_module_firmware:*:*:*:*:*:*:*:* 2.0.0 (excluding)
cpe:2.3:h:lenovo:chassis_management_module:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools