PT-2018-18841 · Lenovo · Iomega
Published
2018-09-28
·
Updated
2019-01-08
·
CVE-2018-9080
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier
Description
The issue allows an attacker to compromise a user's session by setting the
Iomega cookie to a known value before logging into the NAS's web application, preventing the NAS from providing a new cookie value to the user.Recommendations
For versions 4.1.402.34662 and earlier, consider clearing the
Iomega cookie before logging into the NAS's web application as a temporary workaround to minimize the risk of session compromise.Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iomega