Hardcoded Encryption Key Vulnerability in Lenovo Chassis Management Module (CMM)

Hardcoded Encryption Key Vulnerability in Lenovo Chassis Management Module (CMM)

CVE-2018-9073 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

Learn more about our Cis Benchmark Audit For Server Software.