Lenovo: Security Vulnerabilities
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
CVSS Score
5.9
EPSS Score
0.003
Published
2018-11-27
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-27
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
CVSS Score
8.1
EPSS Score
0.004
Published
2018-11-27
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-27
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-11-16
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVSS Score
4.9
EPSS Score
0.001
Published
2018-11-16
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVSS Score
7.2
EPSS Score
0.007
Published
2018-11-16
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-10-02
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-09-28