Vulnerabilities > CVE-2018-16092 - Unspecified vulnerability in Lenovo System Management Module Firmware 1.05

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

lenovo

NVD

Published: 2018-11-27

Updated: 2019-10-03

Summary

In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo System Management Module Firmware 1.05	1
Hardware	Lenovo Lenovo Thinkagile HX Enclosure 7X81 - Lenovo Thinkagile HX Enclosure 7Y87 - Lenovo Thinkagile HX Enclosure 7Z02 - Lenovo Thinkagile VX Enclosure 7Y11 - Lenovo Thinkagile VX Enclosure 7Y91 - Lenovo Thinksystem D2 Enclosure 7X20 - Lenovo Thinksystem Modular Enclosure 7X22 -	7

References

https://support.lenovo.com/us/en/solutions/LEN-24374