CVE-2018-16090 - OpenCVE

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	System Management Module Firmware Thinkagile Hx Enclosure 7x81 Thinkagile Hx Enclosure 7y87 Thinkagile Hx Enclosure 7z02 Thinkagile Vx Enclosure 7y11 Thinkagile Vx Enclosure 7y91 Thinksystem D2 Enclosure 7x20 Thinksystem Modular Enclosure 7x22

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:system_management_module_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-:::::::*
	cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-:::::::*
	cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-:::::::*
	cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-:::::::*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/solutions/LEN-24374

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-11-27T14:00:00

Updated: 2024-08-05T10:17:37.619Z

Reserved: 2018-08-29T00:00:00

Link: CVE-2018-16090

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-11-27T14:29:00.383

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-16090

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ThinkSystem SMM", "vendor": "Lenovo", "versions": [{"lessThan": "1.06", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T13:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}], "solutions": [{"lang": "en", "value": "Update SMM firmware"}], "source": {"advisory": "LEN-24374", "discovery": "INTERNAL"}, "title": "System Management Module Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2018-16090", "STATE": "PUBLIC", "TITLE": "System Management Module Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ThinkSystem SMM", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "1.06"}]}}]}, "vendor_name": "Lenovo"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/solutions/LEN-24374", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}]}, "solution": [{"lang": "en", "value": "Update SMM firmware"}], "source": {"advisory": "LEN-24374", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:17:37.619Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2018-16090", "datePublished": "2018-11-27T14:00:00", "dateReserved": "2018-08-29T00:00:00", "dateUpdated": "2024-08-05T10:17:37.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_management_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FD0EA83-B8E2-4C91-B32C-A8ED8A966974", "versionEndExcluding": "1.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7x81:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CC0357A-E355-43CF-A3A0-FDBAC9579E24", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7y87:-:*:*:*:*:*:*:*", "matchCriteriaId": "97F59C97-615C-47A8-BA90-B1C70A10A0A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_hx_enclosure_7z02:-:*:*:*:*:*:*:*", "matchCriteriaId": "84A63456-58CF-4640-97DE-C61A37036FFD", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y11:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AB649-A907-4B4D-A0F6-7E09619F6575", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinkagile_vx_enclosure_7y91:-:*:*:*:*:*:*:*", "matchCriteriaId": "42A3257B-59D0-44D5-8B18-AABE9469F8F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_d2_enclosure_7x20:-:*:*:*:*:*:*:*", "matchCriteriaId": "52EF5FF3-6312-4C6A-A09E-1921D039D626", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:thinksystem_modular_enclosure_7x22:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0FCCCB3-91FB-4EB8-8087-2E686EDBA78F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection."}, {"lang": "es", "value": "En System Management Module (SMM), en versiones anteriores a la 1.06, la l\u00f3gica de creaci\u00f3n de certificados y an\u00e1lisis es vulnerable a una inyecci\u00f3n de comandos tras la autenticaci\u00f3n."}], "id": "CVE-2018-16090", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-27T14:29:00.383", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-24374"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}