Lucene search

[email protected]CVE-2020-8336

HistoryJun 09, 2020 - 8:15 p.m.

CVE-2020-8336

2020-06-0920:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

lenovo

thinkpad

intel

csme

anti-rollback

arb

firmware

nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.3%

JSON

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

CPENameOperatorVersion
lenovo:thinkpad_e14_firmwarelenovo thinkpad e14 firmwarelt2020-07-10
lenovo:thinkpad_e15_firmwarelenovo thinkpad e15 firmwarelt2020-07-10
lenovo:thinkpad_r14_firmwarelenovo thinkpad r14 firmwarelt2020-07-10
lenovo:thinkpad_s3_gen_2_firmwarelenovo thinkpad s3 gen 2 firmwarelt2020-07-10
lenovo:thinkpad_e490s_firmwarelenovo thinkpad e490s firmwarelt2020-07-10
lenovo:thinkpad_s3_firmwarelenovo thinkpad s3 firmwarelt2020-07-10
lenovo:thinkpad_e490_firmwarelenovo thinkpad e490 firmwarelt2020-07-10
lenovo:thinkpad_e590_firmwarelenovo thinkpad e590 firmwarelt2020-07-10
lenovo:thinkpad_r490_firmwarelenovo thinkpad r490 firmwarelt2020-07-10
lenovo:thinkpad_r590_firmwarelenovo thinkpad r590 firmwarelt2020-07-10

CPE	Name	Operator	Version
lenovo:thinkpad_e14_firmware	lenovo thinkpad e14 firmware	lt	2020-07-10
lenovo:thinkpad_e15_firmware	lenovo thinkpad e15 firmware	lt	2020-07-10
lenovo:thinkpad_r14_firmware	lenovo thinkpad r14 firmware	lt	2020-07-10
lenovo:thinkpad_s3_gen_2_firmware	lenovo thinkpad s3 gen 2 firmware	lt	2020-07-10
lenovo:thinkpad_e490s_firmware	lenovo thinkpad e490s firmware	lt	2020-07-10
lenovo:thinkpad_s3_firmware	lenovo thinkpad s3 firmware	lt	2020-07-10
lenovo:thinkpad_e490_firmware	lenovo thinkpad e490 firmware	lt	2020-07-10
lenovo:thinkpad_e590_firmware	lenovo thinkpad e590 firmware	lt	2020-07-10
lenovo:thinkpad_r490_firmware	lenovo thinkpad r490 firmware	lt	2020-07-10
lenovo:thinkpad_r590_firmware	lenovo thinkpad r590 firmware	lt	2020-07-10

Rows per page:

1-10 of 381

References

support.lenovo.com/us/en/product_security/LEN-30042

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for CVE-2020-8336

prion1 cvelist1 lenovo1