var-201809-1087
Vulnerability from variot
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega , Lenovo , LenovoEMC NAS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lenovoemc",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.1.402.34662"
},
{
"model": "lenovoemc",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "lenovoemc",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "4.1.402.34662"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:emc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
}
]
},
"cve": "CVE-2018-9075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-9075",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-139107",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2018-9075",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-9075",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-9075",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1174",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-139107",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega , Lenovo , LenovoEMC NAS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media \u0026 Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media \u0026 Backup Center ",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9075"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "VULHUB",
"id": "VHN-139107"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-9075",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-24224",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-139107",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"id": "VAR-201809-1087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-139107"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:17.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-24224",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/len-24224"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85208"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/solutions/len-24224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9075"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9075"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-139107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-139107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-139107"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"date": "2018-09-28T20:29:00.753000",
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-139107"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010433"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1174"
},
{
"date": "2024-11-21T04:14:55.367000",
"db": "NVD",
"id": "CVE-2018-9075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo Command injection vulnerability in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1174"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.