Hardcoded Encryption Key Vulnerability in Lenovo Chassis Management Module (CMM)
CVE-2018-9073 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
Learn more about our Cis Benchmark Audit For Server Software.