CVE-2018-9073

Name of the Vulnerable Software and Affected Versions Lenovo Chassis Management Module (CMM) versions prior to 2.0.0

Description The issue concerns the use of a hardcoded encryption key in the Lenovo Chassis Management Module (CMM). This key is used to protect certain secrets. If an attacker obtains the key and has already compromised the server, they can decrypt these secrets.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the CMM to minimize the risk of exploitation.