cnvd - cnvd-2017-02404

CNVD-2017-02404

Vulnerability from cnvd - Published: 2017-03-05

Title

多款Lenovo产品拒绝服务漏洞

Description

联想Flex System x240 M5等是中国联想（Lenovo）公司的服务器。多款Lenovo产品存在拒绝服务漏洞。攻击者可通过更新数据结构利用该漏洞造成系统拒绝服务。

Severity

中

Patch Name

多款Lenovo产品拒绝服务漏洞的补丁

Patch Description

联想Flex System x240 M5等是中国联想（Lenovo）公司的服务器。多款Lenovo产品存在拒绝服务漏洞。攻击者可通过更新数据结构利用该漏洞造成系统拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/zh/solutions/LEN-11306

Reference

https://support.lenovo.com/us/en/solutions/LEN-11306

Impacted products

Name
['Lenovo System x3950 X6 bios 0', 'Lenovo System x3850 X6 bios 0', 'Lenovo System x3650 M5 bios 0', 'Lenovo System x3550 M5 bios 0', 'Lenovo System x3500 M5 bios 0', 'Lenovo System x3250 M6 bios 0', 'Lenovo NeXtScale nx360 M5 bios 0', 'Lenovo Flex System x880 X6 bios 0', 'Lenovo Flex System x480 X6 bios 0', 'Lenovo Flex System x280 X6 bios 0', 'Lenovo Flex System x240 M5 bios 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95844"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8226"
    }
  },
  "description": "\u8054\u60f3Flex System x240 M5\u7b49\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u670d\u52a1\u5668\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u66f4\u65b0\u6570\u636e\u7ed3\u6784\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/zh/solutions/LEN-11306",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-02404",
  "openTime": "2017-03-05",
  "patchDescription": "\u8054\u60f3Flex System x240 M5\u7b49\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u670d\u52a1\u5668\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u66f4\u65b0\u6570\u636e\u7ed3\u6784\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo System x3950 X6 bios 0",
      "Lenovo System x3850 X6 bios 0",
      "Lenovo System x3650 M5 bios 0",
      "Lenovo System x3550 M5 bios 0",
      "Lenovo System x3500 M5 bios 0",
      "Lenovo System x3250 M6 bios 0",
      "Lenovo NeXtScale nx360 M5 bios 0",
      "Lenovo Flex System x880 X6 bios 0",
      "Lenovo Flex System x480 X6 bios 0",
      "Lenovo Flex System x280 X6 bios 0",
      "Lenovo Flex System x240 M5 bios 0"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/solutions/LEN-11306",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-22",
  "title": "\u591a\u6b3eLenovo\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2016-8226 (GCVE-0-2016-8226)

Vulnerability from cvelistv5 – Published: 2017-01-26 17:00 – Updated: 2024-08-06 02:13

Summary

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

Severity ?

No CVSS data available.

CWE

Denial of service

Assigner

lenovo

References

URL

Tags

	http://www.securityfocus.com/bid/95844	vdb-entryx_refsource_BID
	https://support.lenovo.com/us/en/solutions/LEN-11306	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Lenovo Group Ltd.	System X M5, M6, and X6 BIOS	Affected: various

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System X M5, M6, and X6 BIOS",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2016-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-31T10:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "name": "95844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2016-8226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System X M5, M6, and X6 BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95844"
            },
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-11306",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2016-8226",
    "datePublished": "2017-01-26T17:00:00",
    "dateReserved": "2016-09-16T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-02404

CVE-2016-8226 (GCVE-0-2016-8226)

Tags

Sightings

Nomenclature