Bios
CVE-2016-5247
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
AnalysisAI
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-254. The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. Affected products include: Lenovo Bios.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low
Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low
Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authe
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate pri
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium se
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker wit
Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable
Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to poten
Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially en
Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially en
Same weakness CWE-254 – 7PK - Security Features
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today