First published: Fri Sep 28 2018
On some Iomega, Lenovo, and LenovoEMC NAS devices running versions 4.1.402.34662 and earlier, the password-change functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change the user's password and retain access to the user's account.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Storcenter Px12-450r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px12-450r | | |
Lenovo Storcenter Px12-400r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px12-400r | | |
Lenovo Storcenter Px4-300r Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px4-300r | | |
Lenovo Storcenter Px6-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px6-300d | | |
Lenovo Storcenter Px4-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px4-300d | | |
Lenovo Storcenter Px2-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Px2-300d | | |
Lenovo Storcenter Ix4-300d Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix4-300d | | |
Lenovo Storcenter Ix2 Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix2 | | |
Lenovo Storcenter Ix2-dl Firmware | =4.1.402.34662 | |
Lenovo Storcenter Ix2-dl | | |
Lenovo Ez Media & Backup Center Firmware | =4.1.402.34662 | |
Lenovo Ez Media & Backup Center | | |
Lenovo Px12-450r Firmware | =4.1.402.34662 | |
Lenovo Px12-450r | | |
Lenovo Px12-400r Firmware | =4.1.402.34662 | |
Lenovo Px12-400r | | |
Lenovo Px4-400r Firmware | =4.1.402.34662 | |
Lenovo Px4-400r | | |
Lenovo Px4-300r Firmware | =4.1.402.34662 | |
Lenovo Px4-300r | | |
Lenovo Px6-300d Firmware | =4.1.402.34662 | |
Lenovo Px6-300d | | |
Lenovo Px4-400d Firmware | =4.1.402.34662 | |
Lenovo Px4-400d | | |
Lenovo Px4-300d Firmware | =4.1.402.34662 | |
Lenovo Px4-300d | | |
Lenovo Px2-300d Firmware | =4.1.402.34662 | |
Lenovo Px2-300d | | |
Lenovo Ix4-300d Firmware | =4.1.402.34662 | |
Lenovo Ix4-300d | | |
Lenovo Ix2 Firmware | =4.1.402.34662 | |
Lenovo Ix2 | | |