cvelistv5 - cve-2016-8226

cve-2016-8226

Vulnerability from cvelistv5

Published

2017-01-26 17:00

Modified

2024-08-06 02:13

Severity ?

Summary

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

References

URL	Tags
psirt@lenovo.com	http://www.securityfocus.com/bid/95844
psirt@lenovo.com	https://support.lenovo.com/us/en/solutions/LEN-11306	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95844
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/solutions/LEN-11306	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Lenovo Group Ltd.

System X M5, M6, and X6 BIOS

Version: various

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System X M5, M6, and X6 BIOS",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2016-12-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-31T10:57:01",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "name": "95844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2016-8226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System X M5, M6, and X6 BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95844"
            },
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-11306",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2016-8226",
    "datePublished": "2017-01-26T17:00:00",
    "dateReserved": "2016-09-16T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9890ABFC-FBBD-410C-96EC-AFECF8BBD512\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4BD06EA-C238-45F6-9987-C5F49964D2A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5491BF1-A801-4452-AC8A-501622CA47EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F8243CB-E206-444E-962E-1AE09A125581\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17880B73-331D-4193-85C3-D0A25DD101A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"687F2F54-963E-41AD-9E28-D733B6F1BA1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DC02B48-5758-4A96-B865-8F4D460592E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17988802-7824-43EF-86AC-7AC05D1FFF26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95DA7C73-1B66-4494-98FA-146EC460D4F9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.\"}, {\"lang\": \"es\", \"value\": \"La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegaci\\u00f3n de servicio a trav\\u00e9s de la actualizaci\\u00f3n de una estructura de datos UEFI.\"}]",
      "id": "CVE-2016-8226",
      "lastModified": "2024-11-21T02:59:01.427",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:C\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-26T17:59:00.180",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95844\", \"source\": \"psirt@lenovo.com\"}, {\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-11306\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.lenovo.com/us/en/solutions/LEN-11306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-19\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8226\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2017-01-26T17:59:00.180\",\"lastModified\":\"2024-11-21T02:59:01.427\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.\"},{\"lang\":\"es\",\"value\":\"La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegaci\u00f3n de servicio a trav\u00e9s de la actualizaci\u00f3n de una estructura de datos UEFI.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9890ABFC-FBBD-410C-96EC-AFECF8BBD512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4BD06EA-C238-45F6-9987-C5F49964D2A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5491BF1-A801-4452-AC8A-501622CA47EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8243CB-E206-444E-962E-1AE09A125581\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17880B73-331D-4193-85C3-D0A25DD101A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687F2F54-963E-41AD-9E28-D733B6F1BA1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DC02B48-5758-4A96-B865-8F4D460592E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17988802-7824-43EF-86AC-7AC05D1FFF26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DA7C73-1B66-4494-98FA-146EC460D4F9\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95844\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-11306\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-11306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2016-8226

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

Aliases

CVE-2016-8226

Aliases

CVE-2016-8226

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8226",
    "description": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.",
    "id": "GSD-2016-8226"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8226"
      ],
      "details": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.",
      "id": "GSD-2016-8226",
      "modified": "2023-12-13T01:21:22.717712Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "ID": "CVE-2016-8226",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "System X M5, M6, and X6 BIOS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "various"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "95844",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95844"
          },
          {
            "name": "https://support.lenovo.com/us/en/solutions/LEN-11306",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2016-8226"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-19"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-11306",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
            },
            {
              "name": "95844",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95844"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-01T02:59Z",
      "publishedDate": "2017-01-26T17:59Z"
    }
  }
}

ghsa-r36x-m74h-q43p

Vulnerability from github

Published

2022-05-17 03:02

Modified

2022-05-17 03:02

Severity ?

4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8226"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-26T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.",
  "id": "GHSA-r36x-m74h-q43p",
  "modified": "2022-05-17T03:02:29Z",
  "published": "2022-05-17T03:02:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8226"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95844"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. Multiple Lenovo products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Lenovo Flex System x240 M5 and others are servers from Lenovo of China. BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following products are affected: Lenevo Flex System x240 M5; Flex System x280 X6; Flex System x480 X6; Flex System x880 X6; NeXtScale nx360 M5; System x3950 X6

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0355",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system x280 m6 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3850 x6 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3650 m5 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x880 x6 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3250 m6 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3950 x6 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x240 m5 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3550 m5 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3500 m5 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nextscale nx360 m5 bios",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x480 x6 bios",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x240 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x280 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x480 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x880 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nextscale nx360 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3250 m6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3500 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3550 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3650 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3850 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3950 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3950x60"
      },
      {
        "model": "system bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3850x60"
      },
      {
        "model": "system m5 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x36500"
      },
      {
        "model": "system m5 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35500"
      },
      {
        "model": "system m5 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35000"
      },
      {
        "model": "system m6 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x32500"
      },
      {
        "model": "nextscale nx360 m5 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "flex system bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x880x60"
      },
      {
        "model": "flex system bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x480x60"
      },
      {
        "model": "flex system bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x280x60"
      },
      {
        "model": "flex system m5 bios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2400"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "95844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo",
    "sources": [
      {
        "db": "BID",
        "id": "95844"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8226",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8226",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-97046",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8226",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8226",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97046",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. Multiple Lenovo products are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial of service condition. Lenovo Flex System x240 M5 and others are servers from Lenovo of China. BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following products are affected: Lenevo Flex System x240 M5; Flex System x280 X6; Flex System x480 X6; Flex System x880 X6; NeXtScale nx360 M5; System x3950 X6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "BID",
        "id": "95844"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8226",
        "trust": 2.8
      },
      {
        "db": "LENOVO",
        "id": "LEN-11306",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "95844",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97046",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "db": "BID",
        "id": "95844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "id": "VAR-201701-0355",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      }
    ],
    "trust": 0.45238096000000005
  },
  "last_update_date": "2023-12-18T12:05:01.179000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-11306",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-11306"
      },
      {
        "title": "A variety of Lenovo products BIOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68245"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.lenovo.com/us/en/solutions/len-11306"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/95844"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8226"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8226"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "db": "BID",
        "id": "95844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "db": "BID",
        "id": "95844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "date": "2016-12-15T00:00:00",
        "db": "BID",
        "id": "95844"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "date": "2017-01-26T17:59:00.180000",
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "date": "2017-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97046"
      },
      {
        "date": "2017-02-02T06:03:00",
        "db": "BID",
        "id": "95844"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      },
      {
        "date": "2017-02-01T02:59:02.937000",
        "db": "NVD",
        "id": "CVE-2016-8226"
      },
      {
        "date": "2017-02-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Lenovo System Product  BIOS Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007080"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-169"
      }
    ],
    "trust": 0.6
  }
}

cve-2016-8226

Vulnerability from fkie_nvd

Published

2017-01-26 17:59

Modified

2024-11-21 02:59

Severity ?

4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

References

URL	Tags
psirt@lenovo.com	http://www.securityfocus.com/bid/95844
psirt@lenovo.com	https://support.lenovo.com/us/en/solutions/LEN-11306	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95844
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/solutions/LEN-11306	Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	flex_system_x240_m5_bios	-
lenovo	flex_system_x280_m6_bios	-
lenovo	flex_system_x480_x6_bios	-
lenovo	flex_system_x880_x6_bios	-
lenovo	nextscale_nx360_m5_bios	-
lenovo	system_x3250_m6_bios	-
lenovo	system_x3500_m5_bios	-
lenovo	system_x3550_m5_bios	-
lenovo	system_x3650_m5_bios	-
lenovo	system_x3850_x6_bios	-
lenovo	system_x3950_x6_bios	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9890ABFC-FBBD-410C-96EC-AFECF8BBD512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4BD06EA-C238-45F6-9987-C5F49964D2A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5491BF1-A801-4452-AC8A-501622CA47EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F8243CB-E206-444E-962E-1AE09A125581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17880B73-331D-4193-85C3-D0A25DD101A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "687F2F54-963E-41AD-9E28-D733B6F1BA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC02B48-5758-4A96-B865-8F4D460592E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17988802-7824-43EF-86AC-7AC05D1FFF26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95DA7C73-1B66-4494-98FA-146EC460D4F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."
    },
    {
      "lang": "es",
      "value": "La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegaci\u00f3n de servicio a trav\u00e9s de la actualizaci\u00f3n de una estructura de datos UEFI."
    }
  ],
  "id": "CVE-2016-8226",
  "lastModified": "2024-11-21T02:59:01.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-26T17:59:00.180",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.securityfocus.com/bid/95844"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-19"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2016-8226

Vulnerability from cvelistv5

gsd-2016-8226

Vulnerability from gsd

ghsa-r36x-m74h-q43p

Vulnerability from github

var-201701-0355

Vulnerability from variot

cve-2016-8226

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature