6.9
CVE-2020-8332
- EPSS 0.04%
- Published 14.10.2020 22:15:13
- Last modified 21.11.2024 05:38:43
- Source psirt@lenovo.com
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Bladecenter Hs23 Firmware Version < tke170b
Lenovo ≫ Bladecenter Hs23e Firmware Version < ahe172b
Lenovo ≫ Compute Node-x440 Firmware Version < cge128a
Lenovo ≫ Flex System X220 Firmware Version < kse170b
Lenovo ≫ Flex System X240 Firmware Version < b2e172b
Lenovo ≫ Flex System X440 Firmware Version < cne172b
Lenovo ≫ Nextscale Nx360 M4 Firmware Version < fhe132b
Lenovo ≫ System X3300 M4 Firmware Version < yae166b
Lenovo ≫ System X3500 M4 Firmware Version < y5e170b
Lenovo ≫ System X3530 M4 Firmware Version < bee174b
Lenovo ≫ System X3550 M4 Firmware Version < d7e174b
Lenovo ≫ System X3630 M4 Firmware Version < bee174b
Lenovo ≫ System X3650 M4 Firmware Version < vve172b
Lenovo ≫ System X3650 M4 Bd Firmware Version < vve172b
Lenovo ≫ System X3650 M4 Hd Firmware Version < vve172b
Lenovo ≫ System X3750 M4 Firmware Version < a5e130a
Lenovo ≫ System X3750 M4 Firmware Version < koe170b
Lenovo ≫ Idataplex Dx360 M4 Firmware Version < tde168b
Lenovo ≫ Idataplex Dx360 M4 Water Cooled Firmware Version < tde168b
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.065 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.4 | 0.5 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.9 | 3.4 | 10 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
psirt@lenovo.com | 6.4 | 0.5 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.