CVE-2018-16095

CWE-532Log File Information Exposure3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 45.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Lenovo Thinksystem SMMLenovo System Management Module Firmware
Timeline
PublishedNov 27
Latest updateMay 13

Description

In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5lenovo/thinksystem_smmunspecified1.06

🔴Vulnerability Details

2
GHSA
GHSA-j536-pjxm-6xvj: In System Management Module (SMM) versions prior to 12022-05-13
CVEList
System Management Module Vulnerabilities2018-11-27