CVE-2016-8106

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

Published: 2017-01-09 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2016-8106 is rated Moderate Risk (58.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 5.13%, 91th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +2.55% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2016-8106

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 2.58% 5.13% +2.55%
2 2025-09-12 3.47% 2.58% -0.89%
3 2025-03-30 3.47%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2016-8106

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.9 3.0 MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.2 3.6 [email protected]
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2016-8106

OS Trackers for CVE-2016-8106

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2016-8106

Affected software / configurations for CVE-2016-8106

Vendor Product Version Raw CPE
intel ethernet_controller_x710_firmware <= 5.04 cpe:2.3:o:intel:ethernet_controller_x710_firmware:*:*:*:*:*:*:*:*
intel ethernet_controller_xl710_firmware <= 5.04 cpe:2.3:o:intel:ethernet_controller_xl710_firmware:*:*:*:*:*:*:*:*
hp ethernet_10gb_2-port_562flr-sfp\+ cpe:2.3:a:hp:ethernet_10gb_2-port_562flr-sfp\+:*:*:*:*:*:*:*:*
hp ethernet_10gb_2-port_562sfp\+ cpe:2.3:a:hp:ethernet_10gb_2-port_562sfp\+:*:*:*:*:*:*:*:*
hp ethernet_10gb_4-port_563sfp\+ cpe:2.3:a:hp:ethernet_10gb_4-port_563sfp\+:*:*:*:*:*:*:*:*
hp proliant_xl260a_g9_server cpe:2.3:a:hp:proliant_xl260a_g9_server:*:*:*:*:*:*:*:*
lenovo converged_hx_series 5.05 cpe:2.3:a:lenovo:converged_hx_series:5.05:*:*:*:*:*:*:*
lenovo converged_hx5500_appliance 5.05 cpe:2.3:a:lenovo:converged_hx5500_appliance:5.05:*:*:*:*:*:*:*
lenovo converged_hx5510_appliance 5.05 cpe:2.3:a:lenovo:converged_hx5510_appliance:5.05:*:*:*:*:*:*:*
lenovo converged_hx7500_appliance 5.05 cpe:2.3:a:lenovo:converged_hx7500_appliance:5.05:*:*:*:*:*:*:*
lenovo converged_hx7510_appliance 5.05 cpe:2.3:a:lenovo:converged_hx7510_appliance:5.05:*:*:*:*:*:*:*
lenovo nextscale_nx360_m5 5.05 cpe:2.3:a:lenovo:nextscale_nx360_m5:5.05:*:*:*:*:*:*:*
lenovo system_x3250_m5 5.05 cpe:2.3:a:lenovo:system_x3250_m5:5.05:*:*:*:*:*:*:*
lenovo system_x3500_m5 5.05 cpe:2.3:a:lenovo:system_x3500_m5:5.05:*:*:*:*:*:*:*
lenovo system_x3550_m5 5.05 cpe:2.3:a:lenovo:system_x3550_m5:5.05:*:*:*:*:*:*:*
lenovo system_x3650_m5 5.05 cpe:2.3:a:lenovo:system_x3650_m5:5.05:*:*:*:*:*:*:*
lenovo system_x3750_m4 5.05 cpe:2.3:a:lenovo:system_x3750_m4:5.05:*:*:*:*:*:*:*
lenovo system_x3850_x6 5.05 cpe:2.3:a:lenovo:system_x3850_x6:5.05:*:*:*:*:*:*:*
lenovo system_x3950_x6 5.05 cpe:2.3:a:lenovo:system_x3950_x6:5.05:*:*:*:*:*:*:*
lenovo thinkagile_cx2200 5.05 cpe:2.3:a:lenovo:thinkagile_cx2200:5.05:*:*:*:*:*:*:*
lenovo thinkagile_cx4200 5.05 cpe:2.3:a:lenovo:thinkagile_cx4200:5.05:*:*:*:*:*:*:*
lenovo thinkagile_cx4600 5.05 cpe:2.3:a:lenovo:thinkagile_cx4600:5.05:*:*:*:*:*:*:*
lenovo thinkserver_rd350 5.05 cpe:2.3:a:lenovo:thinkserver_rd350:5.05:*:*:*:*:*:*:*
lenovo thinkserver_rd450 5.05 cpe:2.3:a:lenovo:thinkserver_rd450:5.05:*:*:*:*:*:*:*
lenovo thinkserver_rd550 5.05 cpe:2.3:a:lenovo:thinkserver_rd550:5.05:*:*:*:*:*:*:*
lenovo thinkserver_rd650 5.05 cpe:2.3:a:lenovo:thinkserver_rd650:5.05:*:*:*:*:*:*:*
lenovo thinkserver_sd350 5.05 cpe:2.3:a:lenovo:thinkserver_sd350:5.05:*:*:*:*:*:*:*
lenovo thinkserver_td350 5.05 cpe:2.3:a:lenovo:thinkserver_td350:5.05:*:*:*:*:*:*:*

References for CVE-2016-8106

cvelogic Threat Intelligence