Vulnerabilities > CVE-2016-5247 - 7PK - Security Features vulnerability in Lenovo Bios

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

lenovo

CWE-254

NVD

Published: 2016-09-22

Updated: 2016-09-23

Summary

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Bios -	1
Hardware	Lenovo Lenovo Thinkcentre E93 - Lenovo Thinkcentre M6500T/S - Lenovo Thinkcentre M6600 - Lenovo Thinkcentre M6600Q - Lenovo Thinkcentre M6600T/S - Lenovo Thinkcentre M73P - Lenovo Thinkcentre M800 - Lenovo Thinkcentre M83 - Lenovo Thinkcentre M8500T/S - Lenovo Thinkcentre M8600T/S - Lenovo Thinkcentre M900 - Lenovo Thinkcentre M93 - Lenovo Thinkcentre M93P - Lenovo Thinkserver Rq940 - Lenovo Thinkserver Rs140 - Lenovo Thinkserver Ts140 - Lenovo Thinkserver Ts240 - Lenovo Thinkserver Ts440 - Lenovo Thinkserver Ts540 - Lenovo Thinkstation E32 - Lenovo Thinkstation P300 - Lenovo Thinkstation P310 -	22

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References