CVE-2018-9084

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
lenovoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
lenovosystem_management_module_firmware
𝑥
< 1.06
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/us/en/solutions/LEN-24374
https://support.lenovo.com/us/en/solutions/LEN-24374