Details of VAR-201701-0355

ID

VAR-201701-0355

CVE

CVE-2016-8226

TITLE

plural Lenovo System Product BIOS Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007080

DESCRIPTION

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. Multiple Lenovo products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Lenovo Flex System x240 M5 and others are servers from Lenovo of China. BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following products are affected: Lenevo Flex System x240 M5; Flex System x280 X6; Flex System x480 X6; Flex System x880 X6; NeXtScale nx360 M5; System x3950 X6

Trust: 1.98

sources: NVD: CVE-2016-8226 // JVNDB: JVNDB-2016-007080 // BID: 95844 // VULHUB: VHN-97046

AFFECTED PRODUCTS

vendor:	lenovo	model:	system x3500 m5 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	nextscale nx360 m5 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	system x3950 x6 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	flex system x240 m5 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	flex system x280 m6 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	system x3550 m5 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	system x3650 m5 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	flex system x880 x6 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	system x3250 m6 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	system x3850 x6 bios	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	flex system x480 x6 bios	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	flex system x240 m5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system x280 x6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system x480 x6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	flex system x880 x6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	nextscale nx360 m5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3250 m6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3500 m5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3550 m5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3650 m5	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3850 x6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system x3950 x6	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	system bios	scope:	eq	version:	x3950x60	Trust: 0.3
vendor:	lenovo	model:	system bios	scope:	eq	version:	x3850x60	Trust: 0.3
vendor:	lenovo	model:	system m5 bios	scope:	eq	version:	x36500	Trust: 0.3
vendor:	lenovo	model:	system m5 bios	scope:	eq	version:	x35500	Trust: 0.3
vendor:	lenovo	model:	system m5 bios	scope:	eq	version:	x35000	Trust: 0.3
vendor:	lenovo	model:	system m6 bios	scope:	eq	version:	x32500	Trust: 0.3
vendor:	lenovo	model:	nextscale nx360 m5 bios	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	flex system bios	scope:	eq	version:	x880x60	Trust: 0.3
vendor:	lenovo	model:	flex system bios	scope:	eq	version:	x480x60	Trust: 0.3
vendor:	lenovo	model:	flex system bios	scope:	eq	version:	x280x60	Trust: 0.3
vendor:	lenovo	model:	flex system m5 bios	scope:	eq	version:	x2400	Trust: 0.3

sources: BID: 95844 // JVNDB: JVNDB-2016-007080 // CNNVD: CNNVD-201702-169 // NVD: CVE-2016-8226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8226
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8226
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-169
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97046
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8226
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97046
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8226
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97046 // JVNDB: JVNDB-2016-007080 // CNNVD: CNNVD-201702-169 // NVD: CVE-2016-8226

PROBLEMTYPE DATA

problemtype:

CWE-19

Trust: 1.9

sources: VULHUB: VHN-97046 // JVNDB: JVNDB-2016-007080 // NVD: CVE-2016-8226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-169

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007080

PATCH

title:	LEN-11306	url:	https://support.lenovo.com/jp/ja/solutions/LEN-11306	Trust: 0.8
title:	A variety of Lenovo products BIOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68245	Trust: 0.6

sources: JVNDB: JVNDB-2016-007080 // CNNVD: CNNVD-201702-169

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8226	Trust: 2.8
db:	LENOVO	id:	LEN-11306	Trust: 2.0
db:	BID	id:	95844	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007080	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-169	Trust: 0.7
db:	VULHUB	id:	VHN-97046	Trust: 0.1

sources: VULHUB: VHN-97046 // BID: 95844 // JVNDB: JVNDB-2016-007080 // CNNVD: CNNVD-201702-169 // NVD: CVE-2016-8226

REFERENCES

url:	https://support.lenovo.com/us/en/solutions/len-11306	Trust: 2.0
url:	http://www.securityfocus.com/bid/95844	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8226	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8226	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-97046 // BID: 95844 // JVNDB: JVNDB-2016-007080 // CNNVD: CNNVD-201702-169 // NVD: CVE-2016-8226

CREDITS

Lenovo

Trust: 0.3

sources: BID: 95844

SOURCES

db:	VULHUB	id:	VHN-97046
db:	BID	id:	95844
db:	JVNDB	id:	JVNDB-2016-007080
db:	CNNVD	id:	CNNVD-201702-169
db:	NVD	id:	CVE-2016-8226

LAST UPDATE DATE

2024-11-23T22:30:52.052000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97046	date:	2017-02-01T00:00:00
db:	BID	id:	95844	date:	2017-02-02T06:03:00
db:	JVNDB	id:	JVNDB-2016-007080	date:	2017-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-169	date:	2017-02-21T00:00:00
db:	NVD	id:	CVE-2016-8226	date:	2024-11-21T02:59:01.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97046	date:	2017-01-26T00:00:00
db:	BID	id:	95844	date:	2016-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-007080	date:	2017-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201702-169	date:	2017-01-26T00:00:00
db:	NVD	id:	CVE-2016-8226	date:	2017-01-26T17:59:00.180