CVE-2016-5247 (GCVE-0-2016-5247)
Vulnerability from cvelistv5 – Published: 2016-09-22 15:00 – Updated: 2024-08-06 00:53
VLAI
Summary
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
Severity
7.8 (High)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/92661 | vdb-entryx_refsource_BID |
| https://support.lenovo.com/product_security/PS500067 | x_refsource_CONFIRM |
Date Public
2016-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/PS500067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-22T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/PS500067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92661"
},
{
"name": "https://support.lenovo.com/product_security/PS500067",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/product_security/PS500067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5247",
"datePublished": "2016-09-22T15:00:00.000Z",
"dateReserved": "2016-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:48.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-5247",
"date": "2026-07-02",
"epss": "0.00379",
"percentile": "0.29865"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5247\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-09-22T15:59:00.147\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.\"},{\"lang\":\"es\",\"value\":\"El BIOS para Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93 y dispositivos M93P; ThinkServer RQ940, RS140, TS140, TS240, TS440 y dispositivos TS540; y ThinkStation E32, P300 y dispositivos P310 podr\u00eda permitir a usuarios locales o atacantes f\u00edsicamente pr\u00f3ximos eludir el mecanismo de protecci\u00f3n Secure Boot mediante el aprovechamiento de una llave test AMI.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61D66F0D-6C60-4CF6-A509-C6FAC2E22F95\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9110B9-D4E6-4DEC-B0B9-DE4641117B54\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m6500t\\\\/s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2BD6A2B-9A26-410E-A4D0-CCCCDECB7036\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0CD688F-4889-4EC6-9664-40918E13D2AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m6600q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B844BF-DD4B-49B1-AF99-5DE7BDC3ACC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m6600t\\\\/s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A6B017B-D84C-42E1-A1DB-2ADF40C62657\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m73p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7C0580-76A1-41C4-B743-96000853236B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97FE070-E06D-433B-AAC9-A2460E404B94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m83:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB1BF39-4D09-4133-88CB-AD9E1271EFF0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m8500t\\\\/s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DC5D34D-72DB-455E-9A01-9066BE4D3670\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m8600t\\\\/s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01D2DD3A-4596-49DC-BCFB-440FA422B5D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC80C43-18AF-433D-AA51-F473B8501329\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m93:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6340A351-D5A0-46D2-BF97-412DD66BDE65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkcentre_m93p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11A2CF02-7D37-4C2A-ABB5-0F072BF7C739\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rq940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16D5E44-A7B1-4112-B881-B5AD3BAD4EEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_rs140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2808287-BB21-47D6-8D9B-FE0B72E24A5A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_ts140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7791F37A-6A3D-4E9E-9A66-DBF2A7164A5A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_ts240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05DAEF23-3EE2-4F8F-BE0D-F1981D46E387\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_ts440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"556D6385-C00B-4FEC-A55B-4F5ECB62C6D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkserver_ts540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0AA8271-D3BC-484D-9D2F-06807A8C2256\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5109E812-6297-4C9F-B2A1-7DBEB186D346\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDCE0A0B-C9EB-402A-B43B-6B7670E2BF73\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkstation_p310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"363F9A72-1401-4F5D-84F1-D018867D972D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/92661\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.lenovo.com/product_security/PS500067\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/92661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.lenovo.com/product_security/PS500067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…