CVE-2018-16090

Name of the Vulnerable Software and Affected Versions System Management Module (SMM) versions prior to 1.06

Description The issue concerns the SMM certificate creation and parsing logic, which is susceptible to post-authentication command injection. This means that after a user has authenticated, an attacker could potentially inject commands to execute unauthorized actions.

Recommendations For versions prior to 1.06, update to version 1.06 or later to resolve the issue. As a temporary workaround, consider restricting access to the SMM certificate creation and parsing functionality to minimize the risk of exploitation.