Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLenovoCVE-2020-8333
HistorySep 24, 2020 - 9:15 p.m.

CVE-2020-8333

2020-09-2421:15:15
lenovo
web.nvd.nist.gov
26
cve-2020-8333
vulnerability
smi callback function
eeprom driver
lenovo desktops
thinkstation
arbitrary code execution
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%

JSON

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Affected configurations

Nvd
Node
lenovo63Match-
AND
lenovo63_firmwareRange<fckt98a
Node
lenovoh50-30gMatch-
AND
lenovoh50-30g_firmwareRange<fckt98a
Node
lenovom4500Match-
AND
lenovom4500_firmwareRange<fckt98a
Node
lenovom4550Match-
AND
lenovom4550_firmwareRange<fckt98a
Node
lenovoqitian_4500Match-
AND
lenovoqitian_4500_firmwareRange<fckt98a
Node
lenovoqitian_b4550Match-
AND
lenovoqitian_b4550_firmwareRange<fckt98a
Node
lenovoqitian_m4550Match-
AND
lenovoqitian_m4550_firmwareRange<fckt98a
Node
lenovothinkcentre_e73Match-
AND
lenovothinkcentre_e73_firmwareRange<fckt98a
Node
lenovothinkcentre_e73s_firmwareRange<fckt98a
AND
lenovothinkcentre_e73sMatch-
Node
lenovothinkcentre_e93_firmwareRange<fbktdea
AND
lenovothinkcentre_e93Match-
Node
lenovothinkcentre_m4500k_firmwareRange<fckt98a
AND
lenovothinkcentre_m4500kMatch-
Node
lenovothinkcentre_m4500q_firmwareRange<fhkt85a
AND
lenovothinkcentre_m4500qMatch-
Node
lenovothinkcentre_m4500t_firmwareRange<fckt98a
AND
lenovothinkcentre_m4500tMatch-
Node
lenovothinkcentre_m4500s_firmwareRange<fckt98a
AND
lenovothinkcentre_m4500sMatch-
Node
lenovoyangtian_afh81_firmwareRange<fckt98a
AND
lenovoyangtian_afh81Match-
Node
lenovoyangtian_mc_h81_firmwareRange<fckt98a
AND
lenovoyangtian_mc_h81Match-
Node
lenovoyangtian_mf_h81_pci_firmwareRange<fckt98a
AND
lenovoyangtian_mf_h81_pciMatch-
Node
lenovoyangtian_wf_h81_pci_firmwareRange<fckt98a
AND
lenovoyangtian_wf_h81_pciMatch-
Node
lenovoyangtian_tc_h81_pci_firmwareRange<fckt98a
AND
lenovoyangtian_tc_h81_pciMatch-
Node
lenovoyangtian_wcc_h81_pci_firmwareRange<fckt98a
AND
lenovoyangtian_wcc_h81_pciMatch-
Node
lenovothinkcentre_m9350z_firmwareRange<fekta2a
AND
lenovothinkcentre_m9350zMatch-
Node
lenovothinkcentre_m93z_firmwareRange<fekta2a
AND
lenovothinkcentre_m93zMatch-
Node
lenovothinkstation_c30_firmwareRange<a3kt70a
AND
lenovothinkstation_c30Match-
Node
lenovothinkstation_d30Match-
AND
lenovothinkstation_d30_firmwareRange<a3kt70a
Node
lenovothinkstation_e32_firmwareRange<fbktdea
AND
lenovothinkstation_e32Match-
Node
lenovothinkstation_p300_firmwareRange<a2kt70a
AND
lenovothinkstation_p300Match-
Node
lenovothinkstation_s30_firmwareRange<a2kt70a
AND
lenovothinkstation_s30Match-
VendorProductVersionCPE
lenovo63-cpe:2.3:h:lenovo:63:-:*:*:*:*:*:*:*
lenovo63_firmware*cpe:2.3:o:lenovo:63_firmware:*:*:*:*:*:*:*:*
lenovoh50-30g-cpe:2.3:h:lenovo:h50-30g:-:*:*:*:*:*:*:*
lenovoh50-30g_firmware*cpe:2.3:o:lenovo:h50-30g_firmware:*:*:*:*:*:*:*:*
lenovom4500-cpe:2.3:h:lenovo:m4500:-:*:*:*:*:*:*:*
lenovom4500_firmware*cpe:2.3:o:lenovo:m4500_firmware:*:*:*:*:*:*:*:*
lenovom4550-cpe:2.3:h:lenovo:m4550:-:*:*:*:*:*:*:*
lenovom4550_firmware*cpe:2.3:o:lenovo:m4550_firmware:*:*:*:*:*:*:*:*
lenovoqitian_4500-cpe:2.3:h:lenovo:qitian_4500:-:*:*:*:*:*:*:*
lenovoqitian_4500_firmware*cpe:2.3:o:lenovo:qitian_4500_firmware:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 541

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
lenovo 1
nvd
nvd
CVE-2020-8333
2020-09-24 21:15:15
prion
prion
Code injection
2020-09-24 21:15:00
cvelist
cvelist
CVE-2020-8333
2020-09-24 21:05:26
lenovo
lenovo
Multi-vendor BIOS Security Vulnerabilities (June 2020) - Lenovo Support US
2020-06-04 20:26:21

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2020-8333
nvd1prion1cvelist1lenovo1