Vulnerability Description
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Management Module Firmware | < 1.06 |
| Lenovo | Thinkagile Hx Enclosure 7X81 | - |
| Lenovo | Thinkagile Hx Enclosure 7Y87 | - |
| Lenovo | Thinkagile Hx Enclosure 7Z02 | - |
| Lenovo | Thinkagile Vx Enclosure 7Y11 | - |
| Lenovo | Thinkagile Vx Enclosure 7Y91 | - |
| Lenovo | Thinksystem D2 Enclosure 7X20 | - |
| Lenovo | Thinksystem Modular Enclosure 7X22 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/solutions/LEN-24374Vendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-24374Vendor Advisory
FAQ
What is CVE-2018-16095?
CVE-2018-16095 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
How severe is CVE-2018-16095?
CVE-2018-16095 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16095?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Management Module Firmware, Lenovo Thinkagile Hx Enclosure 7X81, Lenovo Thinkagile Hx Enclosure 7Y87, Lenovo Thinkagile Hx Enclosure 7Z02, Lenovo Thinkagile Vx Enclosure 7Y11.