CVE-2018-9084
MEDIUMSystem Management Module <1.06 - Privilege Escalation
Title source: llmDescription
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN-24374
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
lenovo/system_management_module_firmware
< 1.06
Published
Nov 27, 2018
Tracked Since
Feb 18, 2026