CVE-2016-5247

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/92661	Third Party Advisory
https://support.lenovo.com/product_security/PS500067	Mitigation Vendor Advisory
http://www.securityfocus.com/bid/92661	Third Party Advisory
https://support.lenovo.com/product_security/PS500067	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkcentre_e93:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m6500t\/s:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m6600:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m6600q:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m6600t\/s:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m73p:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m800:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m83:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m8500t\/s:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m8600t\/s:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m900:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m93:-:::::::*
	cpe:2.3:h:lenovo:thinkcentre_m93p:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_rq940:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_rs140:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_ts140:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_ts240:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_ts440:-:::::::*
	cpe:2.3:h:lenovo:thinkserver_ts540:-:::::::*
	cpe:2.3:h:lenovo:thinkstation_e32:-:::::::*
	cpe:2.3:h:lenovo:thinkstation_p300:-:::::::*
	cpe:2.3:h:lenovo:thinkstation_p310:-:::::::*

History

21 Nov 2024, 02:53

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/92661 - Third Party Advisory~~	() http://www.securityfocus.com/bid/92661 - Third Party Advisory
References	~~() https://support.lenovo.com/product_security/PS500067 - Mitigation, Vendor Advisory~~	() https://support.lenovo.com/product_security/PS500067 - Mitigation, Vendor Advisory

Information

Published : 2016-09-22 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-5247

Mitre link : CVE-2016-5247

CVE.ORG link : CVE-2016-5247

JSON object : View

Products Affected

lenovo

thinkstation_e32
thinkcentre_m900
thinkcentre_m83
thinkserver_ts140
thinkcentre_m8500t\/s
thinkcentre_m6500t\/s
thinkcentre_m93
thinkcentre_m8600t\/s
thinkstation_p300
thinkcentre_m73p
thinkserver_ts440
thinkcentre_e93
thinkcentre_m6600t\/s
thinkcentre_m93p
thinkserver_ts240
thinkserver_ts540
thinkserver_rq940
thinkcentre_m800
thinkserver_rs140
thinkstation_p310
thinkcentre_m6600q
bios
thinkcentre_m6600

CWE

CWE-254

7PK - Security Features

{"id": "CVE-2016-5247", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-09-22T15:59:00.147", "references": [{"url": "http://www.securityfocus.com/bid/92661", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.lenovo.com/product_security/PS500067", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/92661", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.lenovo.com/product_security/PS500067", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key."}, {"lang": "es", "value": "El BIOS para Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93 y dispositivos M93P; ThinkServer RQ940, RS140, TS140, TS240, TS440 y dispositivos TS540; y ThinkStation E32, P300 y dispositivos P310 podr\u00eda permitir a usuarios locales o atacantes f\u00edsicamente pr\u00f3ximos eludir el mecanismo de protecci\u00f3n Secure Boot mediante el aprovechamiento de una llave test AMI."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DA9110B9-D4E6-4DEC-B0B9-DE4641117B54"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m6500t\\/s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2BD6A2B-9A26-410E-A4D0-CCCCDECB7036"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0CD688F-4889-4EC6-9664-40918E13D2AB"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5B844BF-DD4B-49B1-AF99-5DE7BDC3ACC1"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m6600t\\/s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A6B017B-D84C-42E1-A1DB-2ADF40C62657"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m73p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB7C0580-76A1-41C4-B743-96000853236B"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B97FE070-E06D-433B-AAC9-A2460E404B94"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m83:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9BB1BF39-4D09-4133-88CB-AD9E1271EFF0"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m8500t\\/s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9DC5D34D-72DB-455E-9A01-9066BE4D3670"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m8600t\\/s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "01D2DD3A-4596-49DC-BCFB-440FA422B5D1"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ADC80C43-18AF-433D-AA51-F473B8501329"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m93:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6340A351-D5A0-46D2-BF97-412DD66BDE65"}, {"criteria": "cpe:2.3:h:lenovo:thinkcentre_m93p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11A2CF02-7D37-4C2A-ABB5-0F072BF7C739"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_rq940:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D16D5E44-A7B1-4112-B881-B5AD3BAD4EEB"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_rs140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2808287-BB21-47D6-8D9B-FE0B72E24A5A"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_ts140:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7791F37A-6A3D-4E9E-9A66-DBF2A7164A5A"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_ts240:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05DAEF23-3EE2-4F8F-BE0D-F1981D46E387"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_ts440:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "556D6385-C00B-4FEC-A55B-4F5ECB62C6D6"}, {"criteria": "cpe:2.3:h:lenovo:thinkserver_ts540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0AA8271-D3BC-484D-9D2F-06807A8C2256"}, {"criteria": "cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5109E812-6297-4C9F-B2A1-7DBEB186D346"}, {"criteria": "cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDCE0A0B-C9EB-402A-B43B-6B7670E2BF73"}, {"criteria": "cpe:2.3:h:lenovo:thinkstation_p310:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "363F9A72-1401-4F5D-84F1-D018867D972D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

7.8 /10