System Management Module Firmware
CVE-2018-16096
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
AnalysisAI
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting. Affected products include: Lenovo System Management Module Firmware. Version information: prior to 1.06.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files c
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable t
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable t
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insuffi
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validat
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user auth
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today