Vulnerability Description
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Management Module Firmware | < 1.06 |
| Lenovo | Thinkagile Hx Enclosure 7X81 | - |
| Lenovo | Thinkagile Hx Enclosure 7Y87 | - |
| Lenovo | Thinkagile Hx Enclosure 7Z02 | - |
| Lenovo | Thinkagile Vx Enclosure 7Y11 | - |
| Lenovo | Thinkagile Vx Enclosure 7Y91 | - |
| Lenovo | Thinksystem D2 Enclosure 7X20 | - |
| Lenovo | Thinksystem Modular Enclosure 7X22 | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/solutions/LEN-24374Vendor Advisory
- https://support.lenovo.com/us/en/solutions/LEN-24374Vendor Advisory
FAQ
What is CVE-2018-9083?
CVE-2018-9083 is a vulnerability with a CVSS score of 8.1 (HIGH). In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Teln...
How severe is CVE-2018-9083?
CVE-2018-9083 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9083?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Management Module Firmware, Lenovo Thinkagile Hx Enclosure 7X81, Lenovo Thinkagile Hx Enclosure 7Y87, Lenovo Thinkagile Hx Enclosure 7Z02, Lenovo Thinkagile Vx Enclosure 7Y11.