CVE-2018-9071

{"id": "CVE-2018-9071", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-11-16T14:29:00.347", "references": [{"url": "https://support.lenovo.com/us/en/solutions/LEN-23806", "tags": ["Mitigation", "Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/us/en/solutions/LEN-23806", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration."}, {"lang": "es", "value": "Lenovo Chassis Management Module (CMM) en versiones anteriores a la 2.0.0 permite que usuarios no autenticados recuperen informaci\u00f3n relacionada con las opciones actuales de configuraci\u00f3n de autenticaci\u00f3n. Las opciones expuestas est\u00e1n relacionadas con la configuraci\u00f3n de longitud de contrase\u00f1a, expiraci\u00f3n y bloqueo."}], "lastModified": "2024-11-21T04:14:54.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:chassis_management_module_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F536010-AF72-40A8-A3E3-DDFFCAD11D91", "versionEndExcluding": "2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:chassis_management_module:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FED06AE-EA3E-41C2-85E2-CC85AD41740D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}