CVE-2018-9080

Name: CVE-2018-9080
Creator: NVD / NIST
Published: 2018-09-28T20:29:01.313+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.73%

Last modified Jun 17, 2026

CVE-2018-9080 is a vulnerability of currently unknown severity. For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.. EPSS estimates a 0.73% chance of exploitation in the next 30 days.

Description

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

Metrics

EPSS Probability

0.73%

49.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Lenovo	Storcenter Px12-450r Firmware	4.1.402.34662
Lenovo	Storcenter Px12-400r Firmware	4.1.402.34662
Lenovo	Storcenter Px4-300r Firmware	4.1.402.34662
Lenovo	Storcenter Px6-300d Firmware	4.1.402.34662
Lenovo	Storcenter Px4-300d Firmware	4.1.402.34662
Lenovo	Storcenter Px2-300d Firmware	4.1.402.34662
Lenovo	Storcenter Ix4-300d Firmware	4.1.402.34662
Lenovo	Storcenter Ix2 Firmware	4.1.402.34662
Lenovo	Storcenter Ix2-Dl Firmware	4.1.402.34662
Lenovo	Ez Media \& Backup Center Firmware	4.1.402.34662
Lenovo	Px12-450r Firmware	4.1.402.34662
Lenovo	Px12-400r Firmware	4.1.402.34662
Lenovo	Px4-400r Firmware	4.1.402.34662
Lenovo	Px4-300r Firmware	4.1.402.34662
Lenovo	Px6-300d Firmware	4.1.402.34662
Lenovo	Px4-400d Firmware	4.1.402.34662
Lenovo	Px4-300d Firmware	4.1.402.34662
Lenovo	Px2-300d Firmware	4.1.402.34662
Lenovo	Ix4-300d Firmware	4.1.402.34662
Lenovo	Ix2 Firmware	4.1.402.34662

References

https://support.lenovo.com/us/en/solutions/LEN-24224Vendor Advisory
https://support.lenovo.com/us/en/solutions/LEN-24224Vendor Advisory

Timeline

Published: Sep 28, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-9080?

How severe is CVE-2018-9080?

Severity scoring for CVE-2018-9080 is pending analysis. The EPSS model estimates a 0.73% probability of exploitation in the next 30 days.

How do I fix CVE-2018-9080?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-9080?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST