CVE-2018-9084
published 2018-11-27CVE-2018-9084: In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be…
medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lenovo | system_management_module_firmware | < 1.06 | 1.06 |
| lenovo | thinksystem_smm | >= unspecified < 1.06 | 1.06 |