Lenovo System Management Module Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Lenovo System Management Module Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2018-16094 — CVSS 8.1 (high): In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a…
CVE-2018-9083 — CVSS 8.1 (high): In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to…
CVE-2018-16091 — CVSS 8.1 (high): In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer…
CVE-2018-16092 — CVSS 8.1 (high): In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive…
CVE-2018-16089 — CVSS 7.5 (high): In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized…
CVE-2018-16090 — CVSS 7.5 (high): In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to…
CVE-2018-9084 — CVSS 6.5 (medium): In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software…
CVE-2018-16096 — CVSS 6.1 (medium): In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize…
CVE-2018-16095 — CVSS 5.9 (medium): In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.