Lucene search

[email protected]CVE-2020-8332

HistoryOct 14, 2020 - 10:15 p.m.

CVE-2020-8332

2020-10-1422:15:13

CWE-367

[email protected]

web.nvd.nist.gov

cve-2020-8332

vulnerability

smi callback function

legacy bios

usb drivers

lenovo

ibm

system x servers

arbitrary code execution

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Affected configurations

NVD

Node

lenovobladecenter_hs23Match-

AND

lenovobladecenter_hs23_firmwareRange<tke170b

Node

lenovobladecenter_hs23eMatch-

AND

lenovobladecenter_hs23e_firmwareRange<ahe172b

Node

lenovocompute_node-x440Match-

AND

lenovocompute_node-x440_firmwareRange<cge128a

Node

lenovoflex_system_x220Match-

AND

lenovoflex_system_x220_firmwareRange<kse170b

Node

lenovoflex_system_x240Match-

AND

lenovoflex_system_x240_firmwareRange<b2e172b

Node

lenovoflex_system_x440Match-

AND

lenovoflex_system_x440_firmwareRange<cne172b

Node

lenovonextscale_nx360_m4Match-

AND

lenovonextscale_nx360_m4_firmwareRange<fhe132b

Node

lenovosystem_x3300_m4Match-

AND

lenovosystem_x3300_m4_firmwareRange<yae166b

Node

lenovosystem_x3500_m4_firmwareRange<y5e170b

AND

lenovosystem_x3500_m4Match-

Node

lenovosystem_x3530_m4_firmwareRange<bee174b

AND

lenovosystem_x3530_m4Match-

Node

lenovosystem_x3550_m4_firmwareRange<d7e174b

AND

lenovosystem_x3550_m4Match-

Node

lenovosystem_x3630_m4_firmwareRange<bee174b

AND

lenovosystem_x3630_m4Match-

Node

lenovosystem_x3650_m4_firmwareRange<vve172b

AND

lenovosystem_x3650_m4Match-

Node

lenovosystem_x3650_m4_bd_firmwareRange<vve172b

AND

lenovosystem_x3650_m4_bdMatch-

Node

lenovosystem_x3650_m4_hd_firmwareRange<vve172b

AND

lenovosystem_x3650_m4_hdMatch-

Node

lenovosystem_x3750_m4_firmwareRange<a5e130a

AND

lenovosystem_x3750_m4Match-

Node

lenovosystem_x3750_m4_firmwareRange<koe170b

AND

lenovosystem_x3750_m4Match-

Node

lenovoidataplex_dx360_m4_firmwareRange<tde168b

AND

lenovoidataplex_dx360_m4Match-

Node

lenovoidataplex_dx360_m4_water_cooled_firmwareRange<tde168b

AND

lenovoidataplex_dx360_m4_water_cooledMatch-

CPENameOperatorVersion
lenovo:bladecenter_hs23_firmwarelenovo bladecenter hs23 firmwarelttke170b

CPE	Name	Operator	Version
lenovo:bladecenter_hs23_firmware	lenovo bladecenter hs23 firmware	lt	tke170b

CNA Affected

[
  {
    "product": "System x",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "product": "System x",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-38625

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-8332

prion1 lenovo2 nvd1 cvelist1