Medium severity5.9NVD Advisory· Published Sep 28, 2018· Updated Jun 17, 2026
CVE-2018-9080
CVE-2018-9080
Description
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
Affected products
2- Range: <= 4.1.402.34662
- Range: 4.1.402.34662
Patches
Vulnerability mechanics
References
1- support.lenovo.com/us/en/solutions/LEN-24224nvdVendor Advisory
News mentions
0No linked articles in our index yet.