CVE-2016-8224

Name: CVE-2016-8224
Creator: NVD / NIST
Published: 2016-11-29T20:59:02.437+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.30%

Last modified Jun 17, 2026

CVE-2016-8224 is a vulnerability of currently unknown severity. A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.

Metrics

EPSS Probability

0.30%

21.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-310

Affected Software

Vendor	Product	Versions
Lenovo	Bios	All versions
Lenovo	Notebook 110 14ibr Bios	All versions
Lenovo	Notebook 110 15ibr Bios	All versions
Lenovo	Notebook B70 80 Bios	All versions
Lenovo	Notebook E31 80 Bios	All versions
Lenovo	Notebook E40 80 Bios	All versions
Lenovo	Notebook E41 80 Bios	All versions
Lenovo	Notebook E51 80 Bios	All versions
Lenovo	Notebook G40 80 Bios	All versions
Lenovo	Notebook G50 80 Bios	All versions
Lenovo	Notebook G50 80 Touch Bios	All versions
Lenovo	Notebook Ideapad 300 14ibr Bios	All versions
Lenovo	Notebook Ideapad 300 14isk Bios	All versions
Lenovo	Notebook Ideapad 300 15ibr Bios	All versions
Lenovo	Notebook Ideapad 300 15isk Bios	All versions
Lenovo	Notebook Ideapad 300 17isk Bios	All versions
Lenovo	Notebook Ideapad 510s 12isk Bios	All versions
Lenovo	Notebook K21 80 Bios	All versions
Lenovo	Notebook K41 80 Bios	All versions
Lenovo	Notebook Miix 710 12ikb Bios	All versions
Lenovo	Notebook Xiaoxin Air 12 Bios	All versions
Lenovo	Notebook Yoga 510 14isk Bios	All versions
Lenovo	Notebook Yoga 510 15isk Bios	All versions
Lenovo	Notebook Yoga 710 11ikb Bios	All versions
Lenovo	Notebook Yoga 710 11isk Bios	All versions
Lenovo	Notebook Yoga 900 13isk Bios	All versions
Lenovo	Notebook Yoga 900s 12isk Bios	All versions
Lenovo	Thinkserver Ts150 Bios	All versions
Lenovo	Thinkserver Ts450 Bios	All versions

References

http://www.securityfocus.com/bid/94595
https://support.lenovo.com/us/en/solutions/LEN_9903Vendor Advisory
http://www.securityfocus.com/bid/94595
https://support.lenovo.com/us/en/solutions/LEN_9903Vendor Advisory

Timeline

Published: Nov 29, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-8224?

How severe is CVE-2016-8224?

Severity scoring for CVE-2016-8224 is pending analysis. The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2016-8224?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-8224?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST