CVE-2016-8226 - Vulnerability Details

Vendors	Products
Lenovo	Flex System X240 M5 Bios Flex System X280 M6 Bios Flex System X480 X6 Bios Flex System X880 X6 Bios Nextscale Nx360 M5 Bios System X3250 M6 Bios System X3500 M5 Bios System X3550 M5 Bios System X3650 M5 Bios System X3850 X6 Bios System X3950 X6 Bios

Link	Providers
http://www.securityfocus.com/bid/95844
https://support.lenovo.com/us/en/solutions/LEN-11306

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "System X M5, M6, and X6 BIOS", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "various"}]}], "datePublic": "2016-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}], "problemTypes": [{"descriptions": [{"description": "Denial of service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-31T10:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"name": "95844", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95844"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2016-8226", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "System X M5, M6, and X6 BIOS", "version": {"version_data": [{"version_value": "various"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service"}]}]}, "references": {"reference_data": [{"name": "95844", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95844"}, {"name": "https://support.lenovo.com/us/en/solutions/LEN-11306", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:13:21.974Z"}, "title": "CVE Program Container", "references": [{"name": "95844", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95844"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2016-8226", "datePublished": "2017-01-26T17:00:00", "dateReserved": "2016-09-16T00:00:00", "dateUpdated": "2024-08-06T02:13:21.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : System X M5, M6, and X6 BIOS (string)

vendor : Lenovo Group Ltd. (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

]

datePublic : 2016-12-15T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of service (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-01-31T10:57:01 (string)

orgId : da227ddf-6e25-4b41-b023-0f976dcaca4b (string)

shortName : lenovo (string)

}

references : [ »

0 : { »

name : 95844 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/95844 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@lenovo.com (string)

ID : CVE-2016-8226 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : System X M5, M6, and X6 BIOS (string)

version : { »

version_data : [ »

0 : { »

version_value : various (string)

}

]

}

]

}

vendor_name : Lenovo Group Ltd. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Denial of service (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 95844 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/95844 (string)

}

1 : { »

name : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

refsource : CONFIRM (string)

url : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T02:13:21.974Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 95844 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/95844 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : da227ddf-6e25-4b41-b023-0f976dcaca4b (string)

assignerShortName : lenovo (string)

cveId : CVE-2016-8226 (string)

datePublished : 2017-01-26T17:00:00 (string)

dateReserved : 2016-09-16T00:00:00 (string)

dateUpdated : 2024-08-06T02:13:21.974Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "9890ABFC-FBBD-410C-96EC-AFECF8BBD512", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4BD06EA-C238-45F6-9987-C5F49964D2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5491BF1-A801-4452-AC8A-501622CA47EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F8243CB-E206-444E-962E-1AE09A125581", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "17880B73-331D-4193-85C3-D0A25DD101A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "687F2F54-963E-41AD-9E28-D733B6F1BA1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DC02B48-5758-4A96-B865-8F4D460592E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "17988802-7824-43EF-86AC-7AC05D1FFF26", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "95DA7C73-1B66-4494-98FA-146EC460D4F9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."}, {"lang": "es", "value": "La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegaci\u00f3n de servicio a trav\u00e9s de la actualizaci\u00f3n de una estructura de datos UEFI."}], "id": "CVE-2016-8226", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-26T17:59:00.180", "references": [{"source": "psirt@lenovo.com", "url": "http://www.securityfocus.com/bid/95844"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/95844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/solutions/LEN-11306"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9890ABFC-FBBD-410C-96EC-AFECF8BBD512 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A4BD06EA-C238-45F6-9987-C5F49964D2A2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D5491BF1-A801-4452-AC8A-501622CA47EC (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F8243CB-E206-444E-962E-1AE09A125581 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 17880B73-331D-4193-85C3-D0A25DD101A1 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 687F2F54-963E-41AD-9E28-D733B6F1BA1B (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5DC02B48-5758-4A96-B865-8F4D460592E6 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 17988802-7824-43EF-86AC-7AC05D1FFF26 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 95DA7C73-1B66-4494-98FA-146EC460D4F9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. (string)

}

1 : { »

lang : es (string)

value : La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegación de servicio a través de la actualización de una estructura de datos UEFI. (string)

}

]

id : CVE-2016-8226 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 6.8 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 4.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-01-26T17:59:00.180 (string)

references : [ »

0 : { »

source : psirt@lenovo.com (string)

url : http://www.securityfocus.com/bid/95844 (string)

}

1 : { »

source : psirt@lenovo.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/95844 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.lenovo.com/us/en/solutions/LEN-11306 (string)

}

]

sourceIdentifier : psirt@lenovo.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-19 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object