Vulnerability Description
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Management Module Firmware | < 1.06 |
| Lenovo | ThinkAgile HX Enclosure 7X81 | - |
| Lenovo | ThinkAgile HX Enclosure 7Y87 | - |
| Lenovo | ThinkAgile HX Enclosure 7Z02 | - |
| Lenovo | ThinkAgile VX Enclosure 7Y11 | - |
| Lenovo | ThinkAgile VX Enclosure 7Y91 | - |
| Lenovo | ThinkSystem D2 Enclosure 7X20 | - |
| Lenovo | ThinkSystem Modular Enclosure 7X22 | - |
References
- https://support.lenovo.com/us/en/solutions/LEN-24374 (Vendor Advisory)
FAQ
What is CVE-2018-9084?
CVE-2018-9084 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
How severe is CVE-2018-9084?
CVE-2018-9084 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-9084?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Management Module Firmware, Lenovo ThinkAgile HX Enclosure 7X81, Lenovo ThinkAgile HX Enclosure 7Y87, Lenovo ThinkAgile HX Enclosure 7Z02, Lenovo ThinkAgile VX Enclosure 7Y11.