Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CPE | Name | Operator | Version |
---|---|---|---|
chassis_management_module_firmware | lt | 2.0.0 |