CVE-2016-8226 - OpenCVE

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Flex System X240 M5 Bios Flex System X280 M6 Bios Flex System X480 X6 Bios Flex System X880 X6 Bios Nextscale Nx360 M5 Bios System X3250 M6 Bios System X3500 M5 Bios System X3550 M5 Bios System X3650 M5 Bios System X3850 X6 Bios System X3950 X6 Bios

Configuration 1 [-]

OR	cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:::::::*
	cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:::::::*
	cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:::::::*
	cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:::::::*
	cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3250_m6_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3500_m5_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3550_m5_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3650_m5_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3850_x6_bios:-:::::::*
	cpe:2.3:a:lenovo:system_x3950_x6_bios:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95844
https://support.lenovo.com/us/en/solutions/LEN-11306

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-01-26T17:00:00

Updated: 2024-08-06T02:13:21.974Z

Reserved: 2016-09-16T00:00:00

Link: CVE-2016-8226

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-26T17:59:00.180

Modified: 2017-02-01T02:59:02.937

Link: CVE-2016-8226

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "System X M5, M6, and X6 BIOS", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "various"}]}], "datePublic": "2016-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-31T10:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"name": "95844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95844"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2016-8226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "System X M5, M6, and X6 BIOS", "version": {"version_data": [{"version_value": "various"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "95844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95844"}, {"name": "https://support.lenovo.com/us/en/solutions/LEN-11306", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:13:21.974Z"}, "title": "CVE Program Container", "references": [{"name": "95844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95844"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2016-8226", "datePublished": "2017-01-26T17:00:00", "dateReserved": "2016-09-16T00:00:00", "dateUpdated": "2024-08-06T02:13:21.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "9890ABFC-FBBD-410C-96EC-AFECF8BBD512", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4BD06EA-C238-45F6-9987-C5F49964D2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5491BF1-A801-4452-AC8A-501622CA47EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F8243CB-E206-444E-962E-1AE09A125581", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "17880B73-331D-4193-85C3-D0A25DD101A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "687F2F54-963E-41AD-9E28-D733B6F1BA1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DC02B48-5758-4A96-B865-8F4D460592E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "17988802-7824-43EF-86AC-7AC05D1FFF26", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "95DA7C73-1B66-4494-98FA-146EC460D4F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}, {"lang": "es", "value": "La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegaci\u00f3n de servicio a trav\u00e9s de la actualizaci\u00f3n de una estructura de datos UEFI."}], "id": "CVE-2016-8226", "lastModified": "2017-02-01T02:59:02.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-26T17:59:00.180", "references": [{"source": "psirt@lenovo.com", "url": "http://www.securityfocus.com/bid/95844"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}