This case pertains to a Lenovo Exploit in which the attacker creates a buffer in the memory containing exploit code to be executed in the system management mode (SMM). The attacker then creates a structure with a pointer to the exploit code’s entry point and triggers a System Management Interrupt (SMI) passing a reference to that structure. SMM driver then calls the exploit code via the supplied function pointer. A vulnerability exists in the system management mode BIOS Extensible Firmware Interface (EFI) driver as it allows local administrator to execute arbitrary code with SMM privileges via unspecified vectors. Other know conditions include: the attacker must be able to execute kernel level code on the system. The vulnerability is built into the BIOS and, therefore, it is always there. There is no user configuration required. Normally the contents of SMRAM are hidden by hardware from access by kernel level code. This attack allows full disclosure of the precise content of SMRAM.

i. Use the CVSS Calculator 3.1(Go to the first org website/cvss/calculator/3.1) to get the base score for the above use case. Give a snapshot of calculator showing the metric and the vulnerability score. Explain your choice of metrics.