Details of VAR-201703-0203

ID

VAR-201703-0203

CVE

CVE-2016-8236

TITLE

plural Lenovo ThinkServer TSM Product reset vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007935

DESCRIPTION

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. Lenovo ThinkServer System Manager (TSM) Baseboard Management Controller (BMC) for ThinkServer RD350, etc. is a controller embedded in the hardware devices of ThinkServer RD350 and other servers from China Lenovo to manage and monitor server status. A security vulnerability exists in versions of TSM prior to 3.77 in several Lenovo ThinkServer systems. The following products are affected: Lenovo ThinkServer RD350; ThinkServer RD450; ThinkServer RD550; ThinkServer RD650; ThinkServer TD350

Trust: 1.71

sources: NVD: CVE-2016-8236 // JVNDB: JVNDB-2016-007935 // VULHUB: VHN-97056

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkserver	scope:	lte	version:	3.76.208	Trust: 1.0
vendor:	lenovo	model:	thinkserver rd350	scope:	lt	version:	3.77	Trust: 0.8
vendor:	lenovo	model:	thinkserver rd450	scope:	lt	version:	3.77	Trust: 0.8
vendor:	lenovo	model:	thinkserver rd550	scope:	lt	version:	3.77	Trust: 0.8
vendor:	lenovo	model:	thinkserver rd650	scope:	lt	version:	3.77	Trust: 0.8
vendor:	lenovo	model:	thinkserver td350	scope:	lt	version:	3.77	Trust: 0.8
vendor:	lenovo	model:	thinkserver	scope:	eq	version:	3.76.208	Trust: 0.6

sources: JVNDB: JVNDB-2016-007935 // CNNVD: CNNVD-201703-135 // NVD: CVE-2016-8236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8236
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8236
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201703-135
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97056
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8236
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97056
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8236
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97056 // JVNDB: JVNDB-2016-007935 // CNNVD: CNNVD-201703-135 // NVD: CVE-2016-8236

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-97056 // JVNDB: JVNDB-2016-007935 // NVD: CVE-2016-8236

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-135

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-135

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007935

PATCH

title:	LEN-9307	url:	https://support.lenovo.com/jp/ja/solutions/len-9307	Trust: 0.8
title:	A variety of Lenovo products Lenovo ThinkServer System Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67965	Trust: 0.6

sources: JVNDB: JVNDB-2016-007935 // CNNVD: CNNVD-201703-135

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8236	Trust: 2.5
db:	LENOVO	id:	LEN-9307	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-007935	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-135	Trust: 0.7
db:	VULHUB	id:	VHN-97056	Trust: 0.1

sources: VULHUB: VHN-97056 // JVNDB: JVNDB-2016-007935 // CNNVD: CNNVD-201703-135 // NVD: CVE-2016-8236

REFERENCES

url:	https://support.lenovo.com/us/en/solutions/len-9307	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8236	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8236	Trust: 0.8

sources: VULHUB: VHN-97056 // JVNDB: JVNDB-2016-007935 // CNNVD: CNNVD-201703-135 // NVD: CVE-2016-8236

SOURCES

db:	VULHUB	id:	VHN-97056
db:	JVNDB	id:	JVNDB-2016-007935
db:	CNNVD	id:	CNNVD-201703-135
db:	NVD	id:	CVE-2016-8236

LAST UPDATE DATE

2024-11-23T22:42:13.476000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97056	date:	2017-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-007935	date:	2017-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201703-135	date:	2017-03-06T00:00:00
db:	NVD	id:	CVE-2016-8236	date:	2024-11-21T02:59:02.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97056	date:	2017-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-007935	date:	2017-03-30T00:00:00
db:	CNNVD	id:	CNNVD-201703-135	date:	2017-03-06T00:00:00
db:	NVD	id:	CVE-2016-8236	date:	2017-03-03T18:59:00.210