CVE-2018-16089 - OpenCVE

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	System Management Module Firmware Thinkagile Hx Enclosure 7x81 Thinkagile Hx Enclosure 7y87 Thinkagile Hx Enclosure 7z02 Thinkagile Vx Enclosure 7y11 Thinkagile Vx Enclosure 7y91 Thinksystem D2 Enclosure 7x20 Thinksystem Modular Enclosure 7x22

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:system_management_module_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-:::::::*
	cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-:::::::*
	cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-:::::::*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/solutions/LEN-24374

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-11-27T14:00:00

Updated: 2024-08-05T10:17:37.618Z

Reserved: 2018-08-29T00:00:00

Link: CVE-2018-16089

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-11-27T14:29:00.323

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-16089

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ThinkSystem SMM", "vendor": "Lenovo", "versions": [{"lessThan": "1.06", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T13:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}], "solutions": [{"lang": "en", "value": "Update SMM firmware"}], "source": {"advisory": "LEN-24374", "discovery": "INTERNAL"}, "title": "System Management Module Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2018-16089", "STATE": "PUBLIC", "TITLE": "System Management Module Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ThinkSystem SMM", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "1.06"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/solutions/LEN-24374", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}]}, "solution": [{"lang": "en", "value": "Update SMM firmware"}], "source": {"advisory": "LEN-24374", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:17:37.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2018-16089", "datePublished": "2018-11-27T14:00:00", "dateReserved": "2018-08-29T00:00:00", "dateUpdated": "2024-08-05T10:17:37.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_management_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FD0EA83-B8E2-4C91-B32C-A8ED8A966974", "versionEndExcluding": "1.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CC0357A-E355-43CF-A3A0-FDBAC9579E24", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-:*:*:*:*:*:*:*", "matchCriteriaId": "97F59C97-615C-47A8-BA90-B1C70A10A0A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-:*:*:*:*:*:*:*", "matchCriteriaId": "84A63456-58CF-4640-97DE-C61A37036FFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AB649-A907-4B4D-A0F6-7E09619F6575", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-:*:*:*:*:*:*:*", "matchCriteriaId": "42A3257B-59D0-44D5-8B18-AABE9469F8F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-:*:*:*:*:*:*:*", "matchCriteriaId": "52EF5FF3-6312-4C6A-A09E-1921D039D626", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0FCCCB3-91FB-4EB8-8087-2E686EDBA78F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user."}, {"lang": "es", "value": "En System Management Module (SMM), en versiones anteriores a la 1.06, un campo en la cabecera de las im\u00e1genes de actualizaci\u00f3n del firmware de SMM no est\u00e1 lo suficientemente saneado, lo que permite una inyecci\u00f3n de comandos tras la autenticaci\u00f3n en el SMM como el usuario root."}], "id": "CVE-2018-16089", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-27T14:29:00.323", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}