Sign-up

ID

VAR-201809-1089


CVE

CVE-2018-9077


TITLE

plural Lenovo Command injection vulnerability in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-010435

DESCRIPTION

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. Iomega , Lenovo , LenovoEMC NAS The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Iomega StorCenter px12-450r and others are all storage devices of China Lenovo (Lenovo). There are security vulnerabilities in the Web UI of several Lenovo products using firmware 4.1.402.34662 and earlier versions. The following products are affected: Lenovo Iomega StorCenter px12-450r, StorCenter px12-400r, StorCenter px4-300r, StorCenter px6-300d, StorCenter px4-300d, StorCenter px2-300d, StorCenter ix4-300d, StorCenter ix2/ix2-dl, EZ Media & Backup Center; LenovoEMC px12-450r, px12-400r, px4-400r, px4-300r, px6-300d, px4-400d, px4-300d, px2-300d; Lenovo ix4-300d, ix2, EZ Media & Backup Center

Trust: 1.71

sources: NVD: CVE-2018-9077 // JVNDB: JVNDB-2018-010435 // VULHUB: VHN-139109

AFFECTED PRODUCTS

vendor:lenovomodel:lenovoemcscope:lteversion:4.1.402.34662

Trust: 1.0

vendor:lenovomodel:lenovoemcscope: - version: -

Trust: 0.8

vendor:lenovomodel:lenovoemcscope:eqversion:4.1.402.34662

Trust: 0.6

sources: JVNDB: JVNDB-2018-010435 // CNNVD: CNNVD-201809-1176 // NVD: CVE-2018-9077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9077
value: HIGH

Trust: 1.0

NVD: CVE-2018-9077
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-1176
value: HIGH

Trust: 0.6

VULHUB: VHN-139109
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9077
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139109
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9077
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139109 // JVNDB: JVNDB-2018-010435 // CNNVD: CNNVD-201809-1176 // NVD: CVE-2018-9077

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-139109 // JVNDB: JVNDB-2018-010435 // NVD: CVE-2018-9077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1176

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-1176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010435

PATCH
title:LEN-24224url:https://support.lenovo.com/jp/ja/solutions/len-24224
Trust: 0.8
title:Multiple Lenovo Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85210
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010435 // 
            
            
            
            CNNVD: CNNVD-201809-1176

EXTERNAL IDS
db:NVDid:CVE-2018-9077
Trust: 2.5
db:LENOVOid:LEN-24224
Trust: 1.7
db:JVNDBid:JVNDB-2018-010435
Trust: 0.8
db:CNNVDid:CNNVD-201809-1176
Trust: 0.7
db:VULHUBid:VHN-139109
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139109 // 
            
            
            
            JVNDB: JVNDB-2018-010435 // 
            
            
            
            CNNVD: CNNVD-201809-1176 // 
            
            
            
            NVD: CVE-2018-9077

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-24224
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9077
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9077
Trust: 0.8
sources:
            
            
            VULHUB: VHN-139109 // 
            
            
            
            JVNDB: JVNDB-2018-010435 // 
            
            
            
            CNNVD: CNNVD-201809-1176 // 
            
            
            
            NVD: CVE-2018-9077

SOURCES
db:VULHUBid:VHN-139109
db:JVNDBid:JVNDB-2018-010435
db:CNNVDid:CNNVD-201809-1176
db:NVDid:CVE-2018-9077

LAST UPDATE DATE
2024-11-23T22:00:17.148000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139109date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-010435date:2018-12-14T00:00:00
db:CNNVDid:CNNVD-201809-1176date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9077date:2024-11-21T04:14:55.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-139109date:2018-09-28T00:00:00
db:JVNDBid:JVNDB-2018-010435date:2018-12-14T00:00:00
db:CNNVDid:CNNVD-201809-1176date:2018-09-27T00:00:00
db:NVDid:CVE-2018-9077date:2018-09-28T20:29:00.970