Details of VAR-201608-0492

ID

VAR-201608-0492

TITLE

Lenovo ThinkPad BIOS System Management Mode Arbitrary Code Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-05721

DESCRIPTION

BIOS (BasicInput/OutputSystem) is the basic output input system, which is the most basic software code loaded on the computer hardware system. There is a security vulnerability in LenovoThinkPadBIOS. In the system management mode, an attacker with local administrative access can use the vulnerability to execute arbitrary code, disable flash write protection, infect platform firmware, disable secure boot, bypass virtual security mode, and so on. Lenovo ThinkPad is prone to a local privilege escalation vulnerability

Trust: 0.81

sources: CNVD: CNVD-2016-05721 // BID: 91538

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-05721

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkpad yoga 11e	scope:	eq	version:	0	Trust: 0.9
vendor:	lenovo	model:	thinkpad	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad carbon	scope:	eq	version:	x10	Trust: 0.6
vendor:	lenovo	model:	thinkpad tablet	scope:	eq	version:	80	Trust: 0.6
vendor:	lenovo	model:	thinkpad tablet	scope:	eq	version:	100	Trust: 0.6
vendor:	lenovo	model:	thinkstation d30 (type	scope:	eq	version:	4353-4354)0	Trust: 0.3
vendor:	lenovo	model:	thinkstation d30 (type	scope:	eq	version:	4223-4228-4229)0	Trust: 0.3
vendor:	lenovo	model:	thinkstation c30 (type	scope:	eq	version:	1136-1137)0	Trust: 0.3
vendor:	lenovo	model:	thinkstation c30 (type	scope:	eq	version:	1095-1096-1097)0	Trust: 0.3
vendor:	lenovo	model:	thinkpad yoga	scope:	eq	version:	150	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x2500	Trust: 0.3
vendor:	lenovo	model:	thinkpad x240s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x2400	Trust: 0.3
vendor:	lenovo	model:	thinkpad x230s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad x230i tablet	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad x230i	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad tablet	scope:	eq	version:	x2300	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x2300	Trust: 0.3
vendor:	lenovo	model:	thinkpad x140e	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad x131e	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad w550s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad w541	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad w540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad w530	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad ultrazoom	scope:	eq	version:	1	Trust: 0.3
vendor:	lenovo	model:	thinkpad ultranav wizard	scope:	eq	version:	3	Trust: 0.3
vendor:	lenovo	model:	thinkpad twist/edge s230	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t550	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t540p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t530i	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t530	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t450s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t450	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t431s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430si	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430i	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430	scope:	eq	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t420	scope:	eq	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t400	scope:	eq	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad s540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s531	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s430	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s3-s440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s3 yoga	scope:	eq	version:	140	Trust: 0.3
vendor:	lenovo	model:	thinkpad l540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l450	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l430	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad helix	scope:	eq	version:	(3xxx)0	Trust: 0.3
vendor:	lenovo	model:	thinkpad helix	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad edge s430	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad edge e555	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad edge e455	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e565	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e465	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad 11e	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	100	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x61	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x220	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x201	Trust: 0.3
vendor:	lenovo	model:	thinkpad t61	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t60	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t530	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t430	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t43	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkpad t410	scope:	-	version:	-	Trust: 0.3
vendor:	lenovo	model:	system m5	scope:	eq	version:	x36500	Trust: 0.3
vendor:	lenovo	model:	system m5	scope:	eq	version:	x35500	Trust: 0.3
vendor:	lenovo	model:	system m5	scope:	eq	version:	x35000	Trust: 0.3
vendor:	lenovo	model:	ideapad z50-75	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad yoga	scope:	eq	version:	3140	Trust: 0.3
vendor:	lenovo	model:	ideapad s41-75	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad s41-35	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad m41-70	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad k41-70	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad g70-35	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad g51-35	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad g50-70m	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad g41-35	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad g40-75m	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad flex	scope:	eq	version:	3-15700	Trust: 0.3
vendor:	lenovo	model:	ideapad flex	scope:	eq	version:	3-14700	Trust: 0.3
vendor:	lenovo	model:	ideapad flex 3-1435	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	ideapad 305-15ihw	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	flex system	scope:	eq	version:	x880x60	Trust: 0.3
vendor:	lenovo	model:	flex system	scope:	eq	version:	x8800	Trust: 0.3
vendor:	lenovo	model:	flex system	scope:	eq	version:	x480x60	Trust: 0.3
vendor:	lenovo	model:	flex system	scope:	eq	version:	x280x60	Trust: 0.3
vendor:	lenovo	model:	flex system m5	scope:	eq	version:	x2400	Trust: 0.3

sources: CNVD: CNVD-2016-05721 // BID: 91538

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-05721
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-05721
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-05721

THREAT TYPE

local

Trust: 0.3

sources: BID: 91538

TYPE

Unknown

Trust: 0.3

sources: BID: 91538

EXTERNAL IDS

db:	LENOVO	id:	LEN-8324	Trust: 0.9
db:	CNVD	id:	CNVD-2016-05721	Trust: 0.6
db:	BID	id:	91538	Trust: 0.3

sources: CNVD: CNVD-2016-05721 // BID: 91538

REFERENCES

url:	https://support.lenovo.com/us/zh/solutions/len-8324	Trust: 0.6
url:	http://www.lenovo.com/ca/en/	Trust: 0.3
url:	https://github.com/cr4sh/thinkpwn	Trust: 0.3
url:	http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html	Trust: 0.3
url:	https://support.lenovo.com/us/en/solutions/len-8324	Trust: 0.3

sources: CNVD: CNVD-2016-05721 // BID: 91538

CREDITS

Dmytro Oleksiuk

Trust: 0.3

sources: BID: 91538

SOURCES

db:	CNVD	id:	CNVD-2016-05721
db:	BID	id:	91538

LAST UPDATE DATE

2022-05-17T02:02:27.013000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05721	date:	2016-08-01T00:00:00
db:	BID	id:	91538	date:	2016-07-14T20:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05721	date:	2016-08-01T00:00:00
db:	BID	id:	91538	date:	2016-06-30T00:00:00