CVSS: 4.6EPSS: 0%CPEs: 57EXPL: 0CVE-2016-8224
https://notcve.org/view.php?id=CVE-2016-8224
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. Una vulnerabilidad ha sido identificada en algunos sistemas Lenovo Notebook y ThinkServer donde un atacante con privilegios administrativos en un sistema podría instalar un programa que evita protecciones Intel Management Engine (ME). Esto podría resultar en una denegación de servicio o ataque de escalamiento de privilegios en el sistema. • http://www.securityfocus.com/bid/94595 https://support.lenovo.com/us/en/solutions/LEN_9903 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2016-5247
https://notcve.org/view.php?id=CVE-2016-5247
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. El BIOS para Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93 y dispositivos M93P; ThinkServer RQ940, RS140, TS140, TS240, TS440 y dispositivos TS540; y ThinkStation E32, P300 y dispositivos P310 podría permitir a usuarios locales o atacantes físicamente próximos eludir el mecanismo de protección Secure Boot mediante el aprovechamiento de una llave test AMI. • http://www.securityfocus.com/bid/92661 https://support.lenovo.com/product_security/PS500067 • CWE-254: 7PK - Security Features •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5729
https://notcve.org/view.php?id=CVE-2016-5729
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. Lenovo BIOS EFI Driver permite a administradores locales ejecutar código arbitrario con privilegios de System Management Mode (SMM) a través de vectores no especificados. • http://www.securityfocus.com/bid/91536 https://support.lenovo.com/us/en/product_security/len_4901 • CWE-264: Permissions, Privileges, and Access Controls •