CVE-2018-9083

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

8.1HIGH

EPSS

0.4%

top 41.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinksystem SMM Lenovo System Management Module Firmware

Timeline

PublishedNov 27

Latest updateMay 13

Description

In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDlenovo/system_management_module_firmware< 1.06

▶CVEListV5lenovo/thinksystem_smmunspecified — 1.06

🔴Vulnerability Details

GHSA

GHSA-84ph-3h5g-8mx3: In System Management Module (SMM) versions prior to 1↗2022-05-13

▶

CVEList

System Management Module Vulnerabilities↗2018-11-27

▶