Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8224

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.

Published

2016-11-29T20:59:02.437

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.1

Impact Score

6.9

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	bios	-	Yes
Operating System	lenovo	notebook_110_14ibr_bios	-	Yes
Operating System	lenovo	notebook_110_15ibr_bios	-	Yes
Operating System	lenovo	notebook_b70_80_bios	-	Yes
Operating System	lenovo	notebook_e31_80_bios	-	Yes
Operating System	lenovo	notebook_e40_80_bios	-	Yes
Operating System	lenovo	notebook_e41_80_bios	-	Yes
Operating System	lenovo	notebook_e51_80_bios	-	Yes
Operating System	lenovo	notebook_g40_80_bios	-	Yes
Operating System	lenovo	notebook_g50_80_bios	-	Yes
Operating System	lenovo	notebook_g50_80_touch_bios	-	Yes
Operating System	lenovo	notebook_ideapad_300_14ibr_bios	-	Yes
Operating System	lenovo	notebook_ideapad_300_14isk_bios	-	Yes
Operating System	lenovo	notebook_ideapad_300_15ibr_bios	-	Yes
Operating System	lenovo	notebook_ideapad_300_15isk_bios	-	Yes
Operating System	lenovo	notebook_ideapad_300_17isk_bios	-	Yes
Operating System	lenovo	notebook_ideapad_510s_12isk_bios	-	Yes
Operating System	lenovo	notebook_k21_80_bios	-	Yes
Operating System	lenovo	notebook_k41_80_bios	-	Yes
Operating System	lenovo	notebook_miix_710_12ikb_bios	-	Yes
Operating System	lenovo	notebook_xiaoxin_air_12_bios	-	Yes
Operating System	lenovo	notebook_yoga_510_14isk_bios	-	Yes
Operating System	lenovo	notebook_yoga_510_15isk_bios	-	Yes
Operating System	lenovo	notebook_yoga_710_11ikb_bios	-	Yes
Operating System	lenovo	notebook_yoga_710_11isk_bios	-	Yes
Operating System	lenovo	notebook_yoga_900_13isk_bios	-	Yes
Operating System	lenovo	notebook_yoga_900s_12isk_bios	-	Yes
Operating System	lenovo	thinkserver_ts150_bios	-	Yes
Operating System	lenovo	thinkserver_ts450_bios	-	Yes
Hardware	lenovo	notebook_110_14ibr	-	No
Hardware	lenovo	notebook_110_15ibr	-	No
Hardware	lenovo	notebook_b70_80	-	No
Hardware	lenovo	notebook_e31_80	-	No
Hardware	lenovo	notebook_e40_80	-	No
Hardware	lenovo	notebook_e41_80	-	No
Hardware	lenovo	notebook_e51_80	-	No
Hardware	lenovo	notebook_g40_80	-	No
Hardware	lenovo	notebook_g50_80	-	No
Hardware	lenovo	notebook_g50_80_touch	-	No
Hardware	lenovo	notebook_ideapad_300_14ibr	-	No
Hardware	lenovo	notebook_ideapad_300_14isk	-	No
Hardware	lenovo	notebook_ideapad_300_15ibr	-	No
Hardware	lenovo	notebook_ideapad_300_15isk	-	No
Hardware	lenovo	notebook_ideapad_300_17isk	-	No
Hardware	lenovo	notebook_ideapad_510s_12isk	-	No
Hardware	lenovo	notebook_k21_80	-	No
Hardware	lenovo	notebook_k41_80	-	No
Hardware	lenovo	notebook_miix_710_12ikb	-	No
Hardware	lenovo	notebook_xiaoxin_air_12	-	No
Hardware	lenovo	notebook_yoga_510_14isk	-	No
Hardware	lenovo	notebook_yoga_510_15isk	-	No
Hardware	lenovo	notebook_yoga_710_11ikb	-	No
Hardware	lenovo	notebook_yoga_710_11isk	-	No
Hardware	lenovo	notebook_yoga_900_13isk	-	No
Hardware	lenovo	notebook_yoga_900s_12isk	-	No
Hardware	lenovo	thinkserver_ts150	-	No
Hardware	lenovo	thinkserver_ts450	-	No

References

http://www.securityfocus.com/bid/94595 ([email protected])
https://support.lenovo.com/us/en/solutions/LEN_9903 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/94595 (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/solutions/LEN_9903 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)