CVE-2016-5247
First published: Thu Sep 22 2016(Updated: )
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo BIOS EFI Driver | ||
| Lenovo ThinkCentre E93 (SFF) | ||
| Lenovo ThinkCentre M6500T/S | ||
| Lenovo ThinkCentre M6600 Firmware | ||
| Lenovo ThinkCentre M6600 | ||
| Lenovo ThinkCentre M6600t/s | ||
| Lenovo ThinkCentre M73p Firmware | ||
| Lenovo ThinkCentre M800 Firmware | ||
| Lenovo ThinkCentre M83 Firmware | ||
| Lenovo ThinkCentre M8500t/s | ||
| Lenovo ThinkCentre M8600T/S | ||
| Lenovo ThinkCentre M900 Firmware | ||
| Lenovo ThinkCentre M93 | ||
| Lenovo ThinkCentre M93p (TWR) Firmware | ||
| Lenovo ThinkServer RQ940 | ||
| Lenovo ThinkServer RS140 Firmware | ||
| Lenovo ThinkServer TS140 Firmware | ||
| Lenovo ThinkServer TS240 Firmware | ||
| Lenovo ThinkServer TS440 | ||
| Lenovo ThinkServer TS540 | ||
| Lenovo ThinkStation E32 Firmware | ||
| Lenovo ThinkStation P300 Firmware | ||
| Lenovo Thinkstation P310 Workstation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-5247?
CVE-2016-5247 is rated as a moderate severity vulnerability.
How do I fix CVE-2016-5247?
To fix CVE-2016-5247, update the BIOS to the latest version provided by Lenovo.
Which devices are affected by CVE-2016-5247?
CVE-2016-5247 affects various Lenovo ThinkCentre, ThinkServer, and ThinkStation devices.
Can CVE-2016-5247 be exploited remotely?
CVE-2016-5247 requires local or physical access, making remote exploitation unlikely.
What is the impact of CVE-2016-5247?
The impact of CVE-2016-5247 allows local users to bypass certain security measures.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo bios efi driver
- canonical/lenovo thinkcentre e93 (sff)
- canonical/lenovo thinkcentre m6500t/s
- canonical/lenovo thinkcentre m6600 firmware
- canonical/lenovo thinkcentre m6600
- canonical/lenovo thinkcentre m6600t/s
- canonical/lenovo thinkcentre m73p firmware
- canonical/lenovo thinkcentre m800 firmware
- canonical/lenovo thinkcentre m83 firmware
- canonical/lenovo thinkcentre m8500t/s
- canonical/lenovo thinkcentre m8600t/s
- canonical/lenovo thinkcentre m900 firmware
- canonical/lenovo thinkcentre m93
- canonical/lenovo thinkcentre m93p (twr) firmware
- canonical/lenovo thinkserver rq940
- canonical/lenovo thinkserver rs140 firmware
- canonical/lenovo thinkserver ts140 firmware
- canonical/lenovo thinkserver ts240 firmware
- canonical/lenovo thinkserver ts440
- canonical/lenovo thinkserver ts540
- canonical/lenovo thinkstation e32 firmware
- canonical/lenovo thinkstation p300 firmware
- canonical/lenovo thinkstation p310 workstation