System Management Module Vulnerabilities
CVE-2018-9084

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinksystem Smm
Vendor: CVE Published:; 27 November 2018

Summary

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

Affected Version(s)

ThinkSystem SMM < 1.06

References

https://support.lenovo.com/us/en/solutions/LEN-24374

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2018
Vulnerability Reserved
Mar 27, 2018