Vulnerabilites related to lenovo - k41-80
var-201611-0150
Vulnerability from variot
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. LenovoNotebook and ThinkServer are products of China Lenovo. The former is the notebook series, the latter is the server series. A local elevation of privilege vulnerability exists in the LenovoNotebook and ThinkServer systems. A local attacker can leverage this issue to gain elevated privileges. There are security vulnerabilities in Lenovo Notebook and ThinkServer systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "notebook yoga 900 13isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 710 11isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 710 11ikb bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook miix 710 12ikb bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 510 14isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 510 15isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 900s 12isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook xiaoxin air 12 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook k41 80 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 17isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e51 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 14isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 15isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook k21 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e40 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 510s 12isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook 110 15ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g50 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 14ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook b70 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g50 80 touch bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e41 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g40 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook 110 14ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e31 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 15ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "notebook",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "110-14ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-14ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-15ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-15ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "b70-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "b70-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e31-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e31-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e40-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e40-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e41-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e41-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e51-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e51-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g40-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g40-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 touch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 touch bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-17isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-17isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 510s-12isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 510s-12isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k21-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k21-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k41-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k41-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "miix 710-12ikb",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "miix 710-12ikb bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "xiaoxin air 12",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "xiaoxin air 12 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-14isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-14isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-15isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-15isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11ikb",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11ikb bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900-13isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900-13isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900s-12isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900s-12isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lenovo:notebook_110_14ibr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_110_14ibr_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_110_15ibr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_110_15ibr_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_b70_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_b70_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_e31_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_e31_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_e40_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_e40_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_e41_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_e41_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_e51_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_e51_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_g40_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_g40_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_g50_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_g50_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_g50_80_touch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_g50_80_touch_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_300_14ibr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_300_14ibr_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_300_14isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_300_14isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_300_15ibr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_300_15ibr_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_300_15isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_300_15isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_300_17isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_300_17isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_ideapad_510s_12isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_ideapad_510s_12isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_k21_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_k21_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_k41_80",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_k41_80_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_miix_710_12ikb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_miix_710_12ikb_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_ts150",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_ts150_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:thinkserver_ts450",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:thinkserver_ts450_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_xiaoxin_air_12",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_xiaoxin_air_12_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_510_14isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_510_14isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_510_15isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_510_15isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_710_11ikb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_710_11ikb_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_710_11isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_710_11isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_900_13isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_900_13isk_bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lenovo:notebook_yoga_900s_12isk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:notebook_yoga_900s_12isk_bios",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Ermolov from Digital Security ltd.",
"sources": [
{
"db": "BID",
"id": "94595"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "CVE-2016-8224",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "VHN-97044",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2016-8224",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8224",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8224",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11754",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97044",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. LenovoNotebook and ThinkServer are products of China Lenovo. The former is the notebook series, the latter is the server series. A local elevation of privilege vulnerability exists in the LenovoNotebook and ThinkServer systems. \nA local attacker can leverage this issue to gain elevated privileges. There are security vulnerabilities in Lenovo Notebook and ThinkServer systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "VULHUB",
"id": "VHN-97044"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8224",
"trust": 3.4
},
{
"db": "BID",
"id": "94595",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11754",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97044",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"id": "VAR-201611-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
}
],
"trust": 1.18125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
}
]
},
"last_update_date": "2024-11-23T23:02:32.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-9903",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/len_9903"
},
{
"title": "Patch for LenovoNotebook and ThinkServer Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84823"
},
{
"title": "Lenovo Notebook and ThinkServer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65922"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/solutions/len_9903"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94595"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8224"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8224"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/solutions/len_9903"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"date": "2016-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-97044"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94595"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"date": "2016-11-29T20:59:02.437000",
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-97044"
},
{
"date": "2016-12-20T02:04:00",
"db": "BID",
"id": "94595"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-644"
},
{
"date": "2024-11-21T02:59:01.197000",
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94595"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo Notebook and ThinkServer Service disruption in the system (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2017-07-17 19:29
Modified
2024-11-21 03:26
Severity ?
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:710s-13ikb\\/xiaoxin_air_13ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF203824-4977-4970-93FA-311FC0726DE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:710s-13isk\\/xiaoxin_air_13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA559DCA-5395-4205-916B-62A94E078788",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k21-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E56C7CE7-D4A0-4179-B65D-EA8EDA2F7299",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k22-80\\/lenovo_v720-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6817BA2D-2383-428F-941D-BCAC7A476818",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k41-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC9595C-D1DA-4769-9401-1D2430CE69CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-14ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63C6054-D0EE-4AED-B829-A2F676E89D86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-15ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3F252A-E00B-40AA-8F02-7987D2102D4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-14ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD8431A-FFF2-4519-BCC3-80A8B76CC80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-15ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21481398-B4A5-4C7F-BA4F-A52D6C13756B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_xiaoxin_rui7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BA3B3C-0E21-4877-8B0D-11E5FEF12384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:miix_710-12ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE26E1F-D6B8-4ECD-86DE-D492BBC1FE64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E7697B-53B4-4A2A-B285-0620962A0E4A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:notebook_320-17ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "719BD6FE-DB95-4096-9829-33536AD077C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:rescuer_e520-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC1D30D-C105-4BAF-9085-7E5C8D253A23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-14iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAED167E-15AF-4B45-952C-113726BCFAE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972B1468-D71C-449C-B392-4A62BA9BF835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9423385C-5562-4578-9602-C85ED87CB530",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15isk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C41B17-C208-4A3A-BCC5-F7D4046A9249",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga_710-11ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A573B96D-E21C-4869-A6CE-FDB3926875CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
},
{
"lang": "es",
"value": "Algunos sistemas notebook de la marca Lenovo no tienen protecciones de escritura configuradas apropiadamente en el BIOS del sistema. Esto podr\u00eda permitir a un atacante con acceso f\u00edsico o administrativo a un sistema para ser capaz de flashear el BIOS con una imagen arbitraria y potencialmente ejecutar c\u00f3digo BIOS malicioso."
}
],
"id": "CVE-2017-3754",
"lastModified": "2024-11-21T03:26:04.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T19:29:00.323",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-3754
Vulnerability from cvelistv5
Published
2017-07-17 19:00
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-15084 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Lenovo Notebook BIOS |
Version: Various |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo Notebook BIOS",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
}
],
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "BIOS Write Protections Improperly Configured",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T18:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2017-07-13T00:00:00",
"ID": "CVE-2017-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Notebook BIOS",
"version": {
"version_data": [
{
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BIOS Write Protections Improperly Configured"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-15084",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3754",
"datePublished": "2017-07-17T19:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T18:12:56.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}