Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8333

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Published

2020-09-24T21:15:15.873

Last Modified

2024-11-21T05:38:43.713

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	63_firmware	< fckt98a	Yes
Hardware	lenovo	63	-	No
Operating System	lenovo	h50-30g_firmware	< fckt98a	Yes
Hardware	lenovo	h50-30g	-	No
Operating System	lenovo	m4500_firmware	< fckt98a	Yes
Hardware	lenovo	m4500	-	No
Operating System	lenovo	m4550_firmware	< fckt98a	Yes
Hardware	lenovo	m4550	-	No
Operating System	lenovo	qitian_4500_firmware	< fckt98a	Yes
Hardware	lenovo	qitian_4500	-	No
Operating System	lenovo	qitian_b4550_firmware	< fckt98a	Yes
Hardware	lenovo	qitian_b4550	-	No
Operating System	lenovo	qitian_m4550_firmware	< fckt98a	Yes
Hardware	lenovo	qitian_m4550	-	No
Operating System	lenovo	thinkcentre_e73_firmware	< fckt98a	Yes
Hardware	lenovo	thinkcentre_e73	-	No
Operating System	lenovo	thinkcentre_e73s_firmware	< fckt98a	Yes
Hardware	lenovo	thinkcentre_e73s	-	No
Operating System	lenovo	thinkcentre_e93_firmware	< fbktdea	Yes
Hardware	lenovo	thinkcentre_e93	-	No
Operating System	lenovo	thinkcentre_m4500k_firmware	< fckt98a	Yes
Hardware	lenovo	thinkcentre_m4500k	-	No
Operating System	lenovo	thinkcentre_m4500q_firmware	< fhkt85a	Yes
Hardware	lenovo	thinkcentre_m4500q	-	No
Operating System	lenovo	thinkcentre_m4500t_firmware	< fckt98a	Yes
Hardware	lenovo	thinkcentre_m4500t	-	No
Operating System	lenovo	thinkcentre_m4500s_firmware	< fckt98a	Yes
Hardware	lenovo	thinkcentre_m4500s	-	No
Operating System	lenovo	yangtian_afh81_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_afh81	-	No
Operating System	lenovo	yangtian_mc_h81_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_mc_h81	-	No
Operating System	lenovo	yangtian_mf_h81_pci_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_mf_h81_pci	-	No
Operating System	lenovo	yangtian_wf_h81_pci_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_wf_h81_pci	-	No
Operating System	lenovo	yangtian_tc_h81_pci_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_tc_h81_pci	-	No
Operating System	lenovo	yangtian_wcc_h81_pci_firmware	< fckt98a	Yes
Hardware	lenovo	yangtian_wcc_h81_pci	-	No
Operating System	lenovo	thinkcentre_m9350z_firmware	< fekta2a	Yes
Hardware	lenovo	thinkcentre_m9350z	-	No
Operating System	lenovo	thinkcentre_m93z_firmware	< fekta2a	Yes
Hardware	lenovo	thinkcentre_m93z	-	No
Operating System	lenovo	thinkstation_c30_firmware	< a3kt70a	Yes
Hardware	lenovo	thinkstation_c30	-	No
Operating System	lenovo	thinkstation_d30_firmware	< a3kt70a	Yes
Hardware	lenovo	thinkstation_d30	-	No
Operating System	lenovo	thinkstation_e32_firmware	< fbktdea	Yes
Hardware	lenovo	thinkstation_e32	-	No
Operating System	lenovo	thinkstation_p300_firmware	< a2kt70a	Yes
Hardware	lenovo	thinkstation_p300	-	No
Operating System	lenovo	thinkstation_s30_firmware	< a2kt70a	Yes
Hardware	lenovo	thinkstation_s30	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-30042 Patch, Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-30042 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)