CVE-2016-5247

Description

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

Related CPE's

olenovobios-*******

hlenovothinkserver_rq940-*******

hlenovothinkcentre_m93-*******

hlenovothinkcentre_m73p-*******

hlenovothinkserver_ts440-*******

hlenovothinkcentre_m8600t\/s-*******

hlenovothinkstation_p300-*******

hlenovothinkcentre_e93-*******

hlenovothinkserver_ts240-*******

hlenovothinkcentre_m800-*******

References

92661

Third Party Advisory

https://support.lenovo.com/product_security/PS500067

MitigationVendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.8

VectorString

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

7.199999809265137

Created by Yello
About Severity.io