CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16089

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 8.5

References

Products affected by CVE-2018-16089

Lenovo » Thinkagile Hx Enclosure 7x81 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-
Lenovo » Thinkagile Hx Enclosure 7y87 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-
Lenovo » Thinkagile Hx Enclosure 7z02 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-
Lenovo » Thinkagile Vx Enclosure 7y11 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-
Lenovo » Thinkagile Vx Enclosure 7y91 » Version: N/A

cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-
Lenovo » Thinksystem D2 Enclosure 7x20 » Version: N/A

cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-
Lenovo » Thinksystem Modular Enclosure 7x22 » Version: N/A

cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-
Lenovo » System Management Module Firmware » Version: 1.05

cpe:2.3:o:lenovo:system_management_module_firmware:1.05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16089

Products

Pricing

Contact Us