Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500189-NOSID
HistoryOct 18, 2018 - 11:43 p.m.

System Management Module Vulnerabilities - US

2018-10-1823:43:36
support.lenovo.com
336

0.003 Low

EPSS

Percentile

65.2%

JSON

Lenovo Security Advisory: LEN-24374

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2018-9083, CVE-2018-9084, CVE-2018-16089, CVE-2018-16090, CVE-2018-16091, CVE-2018-16092, CVE-2018-16094, CVE-2018-16095, CVE-2018-16096

Summary Description:

A Lenovo security audit of the System Management Module firmware uncovered the following vulnerabilities. SMM networking is disabled by default, and these cannot be exploited until networking is enabled:

CVE-2018-16089: A field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

CVE-2018-16090: The SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.

CVE-2018-16091: The SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

CVE-2018-9083: The SMM contains weak default root credentials which could be used to log in to the device OS — if the attacker manages to enable SSH or Telnet connections via some other vulnerability.

CVE-2018-9084: If an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

CVE-2018-16092: The FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

CVE-2018-16094: An internal SMM function that retrieves configuration settings is prone to a buffer overflow.

CVE-2018-16095: The SMM records hashed passwords to a debug log when user authentication fails.

CVE-2018-16096: The SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade the SMM firmware to the level (or newer) described for your model in the Product Impact section below.

Prior to updating, follow the usual security best practices: Disable SMM networking or connect the SMM only to trusted networks, set unique user IDs and strong passwords, and disable or remove the default credentials.

Related

lenovo 1
cve 9
nvd 9
cvelist 9
prion 9
lenovo
lenovo
System Management Module Vulnerabilities - Lenovo Support US
2018-10-18 23:43:36
cve
cve
CVE-2018-16090
2018-11-27 14:29:00
CVE-2018-16096
2018-11-27 14:29:00
CVE-2018-16091
2018-11-27 14:29:00
nvd
nvd
CVE-2018-16090
2018-11-27 14:29:00
CVE-2018-16096
2018-11-27 14:29:00
CVE-2018-16091
2018-11-27 14:29:00
cvelist
cvelist
CVE-2018-16096 System Management Module Vulnerabilities
2018-11-27 14:00:00
CVE-2018-16091 System Management Module Vulnerabilities
2018-11-27 14:00:00
CVE-2018-16090 System Management Module Vulnerabilities
2018-11-27 14:00:00
prion
prion
Cross site scripting
2018-11-27 14:29:00
Command injection
2018-11-27 14:29:00
Buffer overflow
2018-11-27 14:29:00

0.003 Low

EPSS

Percentile

65.2%

JSON
Related for LENOVO:PS500189-NOSID
lenovo1cve9nvd9cvelist9prion9