Privilege Escalation Vulnerability in Lenovo Notebook and ThinkServer Systems
CVE-2016-8224

4.4MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovo Notebook Models 110-14ibr/110-15ibr, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14ibr/300-15ibr, Ideapad 300-14isk/300-15isk/300-17isk, Ideapad 510s-12isk, K21-80, K41-80, Miix 710-12ikb , Xiaoxin Air 12, Yoga 510-14isk/510-15isk, Yoga 710-11ikb, Yoga 710-11isk, Yoga 900-13isk, Yoga 900s-12isk; Thinkserver Models Thinkserver Ts150, Thinkserver Ts450
Vendor: CVE Published:; 29 November 2016

Summary

A security flaw exists in specific Lenovo Notebook and ThinkServer systems allowing an attacker with administrative access to install malicious software that bypasses Intel Management Engine protections. This exploit could lead to unauthorized privilege escalation, enabling the attacker to perform tasks with elevated permissions, or could potentially result in a denial of service on the affected systems, compromising their functionality.

Affected Version(s)

Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB , XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450 various

References

http://www.securityfocus.com/bid/94595

vdb-entryx_refsource_BID

https://support.lenovo.com/us/en/solutions/LEN_9903

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2016
Vulnerability Reserved
Sep 16, 2016