Vulnerabilities > CVE-2018-16092 - Unspecified vulnerability in Lenovo System Management Module Firmware

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

lenovo

NVD

Published: 2018-11-27

Updated: 2019-10-03

Summary

In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo System Management Module Firmware *	1
Hardware	Lenovo Lenovo Thinkagile HX Enclosure 7X81 - Lenovo Thinkagile HX Enclosure 7Y87 - Lenovo Thinkagile HX Enclosure 7Z02 - Lenovo Thinkagile VX Enclosure 7Y11 - Lenovo Thinkagile VX Enclosure 7Y91 - Lenovo Thinksystem D2 Enclosure 7X20 - Lenovo Thinksystem Modular Enclosure 7X22 -	7

References

https://support.lenovo.com/us/en/solutions/LEN-24374