Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
2018-05-04T17:29:00.223
2024-11-21T03:26:06.720
Modified
CVSSv3.0: 6.4 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | lenovo | flex_system_x240_m5_bios | < 2.61 | Yes |
| Hardware | lenovo | flex_system_x240_m5 | - | No |
| Operating System | lenovo | flex_system_x280_x6_bios | < 4.21 | Yes |
| Hardware | lenovo | flex_system_x280_x6 | - | No |
| Operating System | lenovo | flex_system_x480_x6_bios | < 4.21 | Yes |
| Hardware | lenovo | flex_system_x480_x6 | - | No |
| Operating System | lenovo | flex_system_x880_bios | < 4.21 | Yes |
| Hardware | lenovo | flex_system_x880 | - | No |
| Operating System | lenovo | nextscale_nx360_m5_bios | < 2.61 | Yes |
| Hardware | lenovo | nextscale_nx360_m5 | - | No |
| Operating System | lenovo | system_x3250_m6_bios | < 2.23 | Yes |
| Hardware | lenovo | system_x3250_m6 | - | No |
| Operating System | lenovo | system_x3500_m5_bios | < 2.61 | Yes |
| Hardware | lenovo | system_x3500_m5 | - | No |
| Operating System | lenovo | system_x3550_m5_bios | < 2.61 | Yes |
| Hardware | lenovo | system_x3550_m5 | - | No |
| Operating System | lenovo | system_x3650_m5_bios | < 2.61 | Yes |
| Hardware | lenovo | system_x3650_m5 | - | No |
| Operating System | lenovo | system_x3850_x6_bios | < 4.3 | Yes |
| Hardware | lenovo | system_x3850_x6 | - | No |
| Operating System | lenovo | system_x3950_x6_bios | < 4.3 | Yes |
| Hardware | lenovo | system_x3950_x6 | - | No |