CVE-2018-16091 – System Management Module Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-16091
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows. En System Management Module (SMM), en versiones anteriores a la 1.06, la lógica de creación de certificados y análisis es vulnerable a varios desbordamientos de búfer. • https://support.lenovo.com/us/en/solutions/LEN-24374 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-9083 – System Management Module Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-9083
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability. System Management Module (SMM) en versiones anteriores a la 1.06 contiene credenciales root por defecto, lo que puede emplearse para iniciar sesión en el sistema operativo del dispositivo (si el atacante consigue habilitar conexiones SSH o Telnet mediante otras vulnerabilidades). • https://support.lenovo.com/us/en/solutions/LEN-24374 • CWE-798: Use of Hard-coded Credentials •