1. Home
  2. CVE Database
  3. CVE-2016-5247
HIGH · 7.8

CVE-2016-5247

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devic...

Vulnerability Description

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoBios-
LenovoThinkcentre E93-
LenovoThinkcentre M6500T\/S-
LenovoThinkcentre M6600-
LenovoThinkcentre M6600Q-
LenovoThinkcentre M6600T\/S-
LenovoThinkcentre M73P-
LenovoThinkcentre M800-
LenovoThinkcentre M83-
LenovoThinkcentre M8500T\/S-
LenovoThinkcentre M8600T\/S-
LenovoThinkcentre M900-
LenovoThinkcentre M93-
LenovoThinkcentre M93P-
LenovoThinkserver Rq940-
LenovoThinkserver Rs140-
LenovoThinkserver Ts140-
LenovoThinkserver Ts240-
LenovoThinkserver Ts440-
LenovoThinkserver Ts540-

Related Weaknesses (CWE)

CWE-254

References

FAQ

What is CVE-2016-5247?

CVE-2016-5247 is a vulnerability with a CVSS score of 7.8 (HIGH). The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devic...

How severe is CVE-2016-5247?

CVE-2016-5247 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5247?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Bios, Lenovo Thinkcentre E93, Lenovo Thinkcentre M6500T\/S, Lenovo Thinkcentre M6600, Lenovo Thinkcentre M6600Q.