Vulnerabilities > CVE-2018-9084 - Unspecified vulnerability in Lenovo System Management Module Firmware 1.05

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

lenovo

NVD

Published: 2018-11-27

Updated: 2019-10-03

Summary

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo System Management Module Firmware 1.05	1
Hardware	Lenovo Lenovo Thinkagile HX Enclosure 7X81 - Lenovo Thinkagile HX Enclosure 7Y87 - Lenovo Thinkagile HX Enclosure 7Z02 - Lenovo Thinkagile VX Enclosure 7Y11 - Lenovo Thinkagile VX Enclosure 7Y91 - Lenovo Thinksystem D2 Enclosure 7X20 - Lenovo Thinksystem Modular Enclosure 7X22 -	7

References

https://support.lenovo.com/us/en/solutions/LEN-24374