Lenovo Chassis Management Module (CMM) Prior to Version 2.0.0 Information Disclosure Vulnerability

Lenovo Chassis Management Module (CMM) Prior to Version 2.0.0 Information Disclosure Vulnerability

CVE-2018-9071 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.

Learn more about our User Device Pen Test.