CVE-2018-9073

MEDIUM

Lenovo Chassis Management Module Firmware < 2.0.0 - Use of Hard-coded Encryption Key

Title source: llm
STIX 2.1

Description

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-23806

Scores

CVSS v3 5.9
EPSS 0.0015
EPSS Percentile 34.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-798
Status published
Products (1)
lenovo/chassis_management_module_firmware < 2.0.0
Published Nov 16, 2018
Tracked Since Feb 18, 2026