System Management Module Vulnerabilities
CVE-2018-9084

6.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Thinksystem Smm
Vendor: CVE Published:; 27 November 2018

What is CVE-2018-9084?

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

Affected Version(s)

ThinkSystem SMM < 1.06

References

https://support.lenovo.com/us/en/solutions/LEN-24374

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2018
Vulnerability Reserved
Mar 27, 2018

Lenovo

What is CVE-2018-9084?

Affected Version(s)

References

CVSS V3.1

Timeline