CVE-2018-9079 - OpenCVE

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Storcenter Px4-300d Firmware Px4-300d Px12-400r Firmware Px12-450r Firmware Px6-300d Firmware Storcenter Ix4-300d Storcenter Px2-300d Px4-400r Px6-300d Ez Media \& Backup Center Px12-400r Px4-400d Firmware Px4-300r Firmware Storcenter Px4-300r Storcenter Ix2-dl Firmware Storcenter Px4-300r Firmware Storcenter Ix4-300d Firmware Ez Media \& Backup Center Firmware Storcenter Px12-400r Px12-450r Storcenter Ix2-dl Storcenter Px12-400r Firmware Ix2 Storcenter Px2-300d Firmware Ix4-300d Firmware Storcenter Ix2 Px4-300d Firmware Px4-300r Px2-300d Ix4-300d Storcenter Px12-450r Firmware Px4-400r Firmware Ix2 Firmware Px4-400d Storcenter Px12-450r Storcenter Ix2 Firmware Storcenter Px6-300d Firmware Storcenter Px4-300d Storcenter Px6-300d Px2-300d Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:storcenter_px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px12-450r:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:storcenter_px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px12-400r:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:storcenter_px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px4-300r:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:storcenter_px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px6-300d:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:storcenter_px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px4-300d:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:storcenter_px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_px2-300d:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:storcenter_ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_ix4-300d:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:storcenter_ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_ix2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:storcenter_ix2-dl_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:storcenter_ix2-dl:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:ez_media_\&_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ez_media_\&_backup_center:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:px12-450r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px12-450r:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:px12-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px12-400r:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:px4-400r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-400r:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:px4-300r_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-300r:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:px6-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px6-300d:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:px4-400d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-400d:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:px4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px4-300d:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:px2-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:px2-300d:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:ix4-300d_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ix4-300d:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:ix2_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ix2:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:ez_media_\&_backup_center_firmware:4.1.402.34662:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ez_media_\&_backup_center:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/solutions/LEN-24224	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2018-09-28T20:00:00

Updated: 2018-09-28T19:57:01

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9079

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-28T20:29:01.207

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-9079

JSON object: View

Redhat Information

No data.

CWE

CWE-79