CVE-2018-9084

EUVD-2018-20687
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
lenovosystem_management_module_firmware
𝑥
< 1.06
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/us/en/solutions/LEN-24374
https://support.lenovo.com/us/en/solutions/LEN-24374