CVE-2018-9080
Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
Productos afectados
Lenovo Group LTD · EZ Media and Backup CenterLenovo Group LTD · Iomega StorCenterLenovo Group LTD · LenovoEMC¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →