CVE-2020-8320

EPSS 0.05%
Published 09.06.2020 20:15:22
Last modified 21.11.2024 05:38:42
Source psirt@lenovo.com
Teams watchlist Login
Open Login

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Thinkpad 11e Yoga Gen 6 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad 11e Yoga Gen 6 Version-

Lenovo ≫ Thinkpad 11e Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad 11e Version-

Lenovo ≫ Thinkpad Yoga 11e 3rd Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad Yoga 11e 3rd Gen Version-

Lenovo ≫ Thinkpad Yoga 11e 4th Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad Yoga 11e 4th Gen Version-

Lenovo ≫ Thinkpad Yoga 11e 5th Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad Yoga 11e 5th Gen Version-

Lenovo ≫ Thinkpad 13 2nd Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad 13 2nd Gen Version-

Lenovo ≫ Thinkpad 13 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad 13 Version-

Lenovo ≫ Thinkpad A275 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad A275 Version-

Lenovo ≫ Thinkpad A285 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad A285 Version-

Lenovo ≫ Thinkpad A475 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad A475 Version-

Lenovo ≫ Thinkpad A485 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad A485 Version-

Lenovo ≫ Thinkpad E14 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E14 Version-

Lenovo ≫ Thinkpad E15 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E15 Version-

Lenovo ≫ Thinkpad R14 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad R14 Version-

Lenovo ≫ Thinkpad S3 Gen 2 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S3 Gen 2 Version-

Lenovo ≫ Thinkpad E455 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E455 Version-

Lenovo ≫ Thinkpad E555 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E555 Version-

Lenovo ≫ Thinkpad E460 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E460 Version-

Lenovo ≫ Thinkpad E560 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E560 Version-

Lenovo ≫ Thinkpad E465 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E465 Version-

Lenovo ≫ Thinkpad E565 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E565 Version-

Lenovo ≫ Thinkpad E470 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E470 Version-

Lenovo ≫ Thinkpad E570 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E570 Version-

Lenovo ≫ Thinkpad E475 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E475 Version-

Lenovo ≫ Thinkpad E575 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E575 Version-

Lenovo ≫ Thinkpad E480 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E480 Version-

Lenovo ≫ Thinkpad E580 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E580 Version-

Lenovo ≫ Thinkpad E485 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E485 Version-

Lenovo ≫ Thinkpad E585 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E585 Version-

Lenovo ≫ Thinkpad E490s Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E490s Version-

Lenovo ≫ Thinkpad S3 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S3 Version-

Lenovo ≫ Thinkpad E490 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E490 Version-

Lenovo ≫ Thinkpad E590 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E590 Version-

Lenovo ≫ Thinkpad R490 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad R490 Version-

Lenovo ≫ Thinkpad R590 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad R590 Version-

Lenovo ≫ Thinkpad L13 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L13 Version-

Lenovo ≫ Thinkpad L1415 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L1415 Version-

Lenovo ≫ Thinkpad L380 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L380 Version-

Lenovo ≫ Thinkpad S3 3rd Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S3 3rd Gen Version-

Lenovo ≫ Thinkpad L380 Yoga Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L380 Yoga Version-

Lenovo ≫ Thinkpad S2 Yoga 3rd Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S2 Yoga 3rd Gen Version-

Lenovo ≫ Thinkpad L390 Yoga Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L390 Yoga Version-

Lenovo ≫ Thinkpad S2 Yoga 4th Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S2 Yoga 4th Gen Version-

Lenovo ≫ Thinkpad L460 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L460 Version-

Lenovo ≫ Thinkpad L470 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L470 Version-

Lenovo ≫ Thinkpad L480 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L480 Version-

Lenovo ≫ Thinkpad L580 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L580 Version-

Lenovo ≫ Thinkpad L490 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L490 Version-

Lenovo ≫ Thinkpad L590 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L590 Version-

Lenovo ≫ Thinkpad L560 Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad L560 Version-

Lenovo ≫ Thinkpad L570 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad L570 Version-

Lenovo ≫ Thinkpad P1 Firmware Version < n2eet46w

Lenovo ≫ Thinkpad P1 Version-

Lenovo ≫ Thinkpad P43s Firmware Version < n2iet87w

Lenovo ≫ Thinkpad P43s Version-

Lenovo ≫ Thinkpad P50 Firmware Version < 2020-07-17

Lenovo ≫ Thinkpad P50 Version-

Lenovo ≫ Thinkpad P50s Firmware Version < 2020-07-24

Lenovo ≫ Thinkpad P50s Version-

Lenovo ≫ Thinkpad P51 Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad P51 Version-

Lenovo ≫ Thinkpad P51s Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad P51s Version-

Lenovo ≫ Thinkpad P52 Firmware Version < n2cet51w

Lenovo ≫ Thinkpad P52 Version-

Lenovo ≫ Thinkpad P52s Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad P52s Version-

Lenovo ≫ Thinkpad P53 Firmware Version < n2net37w

Lenovo ≫ Thinkpad P53 Version-

Lenovo ≫ Thinkpad P53s Firmware Version < n2iet87w

Lenovo ≫ Thinkpad P53s Version-

Lenovo ≫ Thinkpad P70 Firmware Version < 2020-07-17

Lenovo ≫ Thinkpad P70 Version-

Lenovo ≫ Thinkpad P71 Firmware Version <= 2020-07-17

Lenovo ≫ Thinkpad P71 Version-

Lenovo ≫ Thinkpad P72 Firmware Version < n2cet51w

Lenovo ≫ Thinkpad P72 Version-

Lenovo ≫ Thinkpad P73 Firmware Version < n2net37w

Lenovo ≫ Thinkpad P73 Version-

Lenovo ≫ Thinkpad S5 2nd Gen Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S5 2nd Gen Version-

Lenovo ≫ Thinkpad S5 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S5 Version-

Lenovo ≫ Thinkpad E560p Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad E560p Version-

Lenovo ≫ Thinkpad T25 Firmware Version < n1qet87w

Lenovo ≫ Thinkpad T25 Version-

Lenovo ≫ Thinkpad T460 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad T460 Version-

Lenovo ≫ Thinkpad T460p Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad T460p Version-

Lenovo ≫ Thinkpad T460s Firmware Version < 2020-06-19

Lenovo ≫ Thinkpad T460s Version-

Lenovo ≫ Thinkpad T470 Firmware Version < n1qet87w

Lenovo ≫ Thinkpad T470 Version-

Lenovo ≫ Thinkpad T470p Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad T470p Version-

Lenovo ≫ Thinkpad T470s Firmware Version < n1wet58w

Lenovo ≫ Thinkpad T470s Version-

Lenovo ≫ Thinkpad T480 Firmware Version < n24et56w

Lenovo ≫ Thinkpad T480 Version-

Lenovo ≫ Thinkpad T480s Firmware Version < n22et62w

Lenovo ≫ Thinkpad T480s Version-

Lenovo ≫ Thinkpad T490 Firmware Version < n2iet87w

Lenovo ≫ Thinkpad T490 Version-

Lenovo ≫ Thinkpad T490s Firmware Version < n2jet87w

Lenovo ≫ Thinkpad T490s Version-

Lenovo ≫ Thinkpad T560 Firmware Version < 2020-07-24

Lenovo ≫ Thinkpad T560 Version-

Lenovo ≫ Thinkpad T570 Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad T570 Version-

Lenovo ≫ Thinkpad T580 Firmware Version < 2020-07-03

Lenovo ≫ Thinkpad T580 Version-

Lenovo ≫ Thinkpad T590 Firmware Version < n2iet87w

Lenovo ≫ Thinkpad T590 Version-

Lenovo ≫ Thinkpad X1 Carbon Firmware Version < n1met60w

Lenovo ≫ Thinkpad X1 Carbon Version-

Lenovo ≫ Thinkpad X1 Yoga Firmware Version < 2020-07-17

Lenovo ≫ Thinkpad X1 Yoga Version-

Lenovo ≫ Thinkpad X1 Extreme Firmware Version < n2oet43w

Lenovo ≫ Thinkpad X1 Extreme Version-

Lenovo ≫ Thinkpad X1 Tablet Firmware Version < 2020-07-24

Lenovo ≫ Thinkpad X1 Tablet Version-

Lenovo ≫ Thinkpad X1 Yoga Firmware Version < 2020-07-17

Lenovo ≫ Thinkpad X1 Yoga Version-

Lenovo ≫ Thinkpad X260 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad X260 Version-

Lenovo ≫ Thinkpad X270 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad X270 Version-

Lenovo ≫ Thinkpad X280 Firmware Version < n20et52w

Lenovo ≫ Thinkpad X280 Version-

Lenovo ≫ Thinkpad X380 Yoga Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad X380 Yoga Version-

Lenovo ≫ Thinkpad X390 Firmware Version < 2020-07-07

Lenovo ≫ Thinkpad X390 Version-

Lenovo ≫ Thinkpad X390 Yoga Firmware Version < 2020-06-24

Lenovo ≫ Thinkpad X390 Yoga Version-

Lenovo ≫ Thinkpad X395 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad X395 Version-

Lenovo ≫ Thinkpad Yoga 260 Firmware Version < 2020-07-07

Lenovo ≫ Thinkpad Yoga 260 Version-

Lenovo ≫ Thinkpad S1 Firmware Version < 2020-07-07

Lenovo ≫ Thinkpad S1 Version-

Lenovo ≫ Thinkpad Yoga 370 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad Yoga 370 Version-

Lenovo ≫ Thinkpad S1 3rd Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad S1 3rd Version-

Lenovo ≫ Thinkpad T495 Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad T495 Version-

Lenovo ≫ Thinkpad T495s Firmware Version < 2020-07-10

Lenovo ≫ Thinkpad T495s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.112

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@lenovo.com	6.4	0.5	5.9	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

https://support.lenovo.com/us/en/product_security/LEN-30042

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8320

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8320

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8320

EUVD