CVE-2018-9071

MEDIUM

Lenovo Chassis Management Module Firmware < 2.0.0 - Unauthenticated Exposure of Authentication Configuration Settings

Description

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.

References (1)

Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-23806

Scores

CVSS v3 5.3
EPSS 0.0031
EPSS Percentile 54.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
lenovo/chassis_management_module_firmware < 2.0.0
Published Nov 16, 2018
Tracked Since Feb 18, 2026