Skip to main content

Bios CVE-2016-5247

HIGH
7PK - Security Features (CWE-254)
2016-09-22 cve@mitre.org
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 22, 2016 - 15:59 cve.org
HIGH 7.8

DescriptionCVE.org

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

AnalysisAI

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-254. The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. Affected products include: Lenovo Bios.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Bios

View all
CVE-2022-32492 HIGH
8.8 Oct 11

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low

CVE-2022-32486 HIGH
8.8 Oct 11

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low

CVE-2020-8739 HIGH
7.8 Nov 12

Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authe

CVE-2018-3612 HIGH
7.8 May 10

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate pri

CVE-2017-3754 MEDIUM
6.7 Jul 17

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. Rated medium se

CVE-2021-3452 MEDIUM
6.7 Jul 16

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker wit

CVE-2020-8764 MEDIUM
6.7 Nov 12

Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable

CVE-2020-8740 MEDIUM
6.7 Nov 12

Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to poten

CVE-2020-8738 MEDIUM
6.7 Nov 12

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged

CVE-2020-0593 MEDIUM
6.7 Nov 12

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially en

CVE-2020-0592 MEDIUM
6.7 Nov 12

Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable

CVE-2020-0591 MEDIUM
6.7 Nov 12

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially en

Share

CVE-2016-5247 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy