Details of VAR-201609-0149

ID

VAR-201609-0149

CVE

CVE-2016-5247

TITLE

plural Lenovo Device BIOS Vulnerabilities that could bypass the secure boot protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2016-004891

DESCRIPTION

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Lenovo Secure Boot is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Lenovo ThinkCentre E93, etc. are all computer products of China Lenovo (Lenovo). There are security vulnerabilities in the BIOS of several Lenovo products. The following products are affected: Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, M93P, ThinkServer RQ940, RS140, TS140, TS240, TS440, TS540, ThinkStation E32, P300, P310

Trust: 1.98

sources: NVD: CVE-2016-5247 // JVNDB: JVNDB-2016-004891 // BID: 92661 // VULHUB: VHN-94066

AFFECTED PRODUCTS

vendor:	lenovo	model:	bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	thinkcentre m73	scope:	eq	version:	0	Trust: 0.9
vendor:	lenovo	model:	thinkcentre m83 fbktc5a	scope:	ne	version:	-	Trust: 0.9
vendor:	lenovo	model:	bios	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre e93	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m6500t/s	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m6600	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m6600q	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m6600t/s	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m73p	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m800	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m83	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m8500t/s	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m8600t/s	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m900	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m93	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre m93p	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver rq940	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver rs140	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver ts140	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver ts240	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver ts440	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkserver ts540	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkstation e32	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkstation p300	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkstation p310	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkcentre e93	scope:	eq	version:	0	Trust: 0.6
vendor:	lenovo	model:	thinkcentre m93p fbktc5a	scope:	ne	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkcentre e93 fbktc5a	scope:	ne	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkstation p310	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation p300	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation e32	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts240	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts140	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m900	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m8600t/s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m8500t/s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m800	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m73p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600t/s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600q	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation p310 fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkstation p300 fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkstation e32 fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts540 fbktc8a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts440 fbktc8a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts240 fbktc8a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkserver ts140 fbktc8a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m93p tiny fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m93 fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m900 fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m8600t/s fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m8500t/s fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m800 fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m73p fbktc5a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600t/s fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600q fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6600 fwkt31a	scope:	ne	version:	-	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m6500t/s fbktc5a	scope:	ne	version:	-	Trust: 0.3

sources: BID: 92661 // JVNDB: JVNDB-2016-004891 // CNNVD: CNNVD-201608-491 // NVD: CVE-2016-5247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5247
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-5247
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-491
value:	HIGH
Trust: 0.6
VULHUB:	VHN-94066
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-5247
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-94066
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5247
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-94066 // JVNDB: JVNDB-2016-004891 // CNNVD: CNNVD-201608-491 // NVD: CVE-2016-5247

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-94066 // JVNDB: JVNDB-2016-004891 // NVD: CVE-2016-5247

THREAT TYPE

local

Trust: 0.9

sources: BID: 92661 // CNNVD: CNNVD-201608-491

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201608-491

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004891

PATCH

title:	LEN-7806	url:	https://support.lenovo.com/jp/ja/product_security/ps500067	Trust: 0.8
title:	Lenovo Secure Boot Local security bypass vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63807	Trust: 0.6

sources: JVNDB: JVNDB-2016-004891 // CNNVD: CNNVD-201608-491

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5247	Trust: 2.8
db:	BID	id:	92661	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-004891	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-491	Trust: 0.7
db:	VULHUB	id:	VHN-94066	Trust: 0.1

sources: VULHUB: VHN-94066 // BID: 92661 // JVNDB: JVNDB-2016-004891 // CNNVD: CNNVD-201608-491 // NVD: CVE-2016-5247

REFERENCES

url:	http://www.securityfocus.com/bid/92661	Trust: 1.7
url:	https://support.lenovo.com/product_security/ps500067	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5247	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5247	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3
url:	https://support.lenovo.com/us/en/product_security/ps500067	Trust: 0.3
url:	https://technet.microsoft.com/en-us/library/hh824987.aspx	Trust: 0.3

sources: VULHUB: VHN-94066 // BID: 92661 // JVNDB: JVNDB-2016-004891 // CNNVD: CNNVD-201608-491 // NVD: CVE-2016-5247

CREDITS

Jan Schermer.

Trust: 0.9

sources: BID: 92661 // CNNVD: CNNVD-201608-491

SOURCES

db:	VULHUB	id:	VHN-94066
db:	BID	id:	92661
db:	JVNDB	id:	JVNDB-2016-004891
db:	CNNVD	id:	CNNVD-201608-491
db:	NVD	id:	CVE-2016-5247

LAST UPDATE DATE

2024-08-14T14:46:21.733000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94066	date:	2016-09-23T00:00:00
db:	BID	id:	92661	date:	2016-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-004891	date:	2016-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201608-491	date:	2016-09-23T00:00:00
db:	NVD	id:	CVE-2016-5247	date:	2016-09-23T15:34:06.147

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94066	date:	2016-09-22T00:00:00
db:	BID	id:	92661	date:	2016-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-004891	date:	2016-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201608-491	date:	2016-08-29T00:00:00
db:	NVD	id:	CVE-2016-5247	date:	2016-09-22T15:59:00.147