// For flags

CVE-2020-8332

 

Severity Score

6.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Una potencial vulnerabilidad en la devolución de llamada de la función SMI utilizada en los controladores USB del modo BIOS heredado en algunos servidores Lenovo e IBM System x heredados puede permitir una ejecución de código arbitraria. Los servidores que funcionan en modo UEFI no están afectados

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-28 CVE Reserved
  • 2020-10-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lenovo
Search vendor "Lenovo"
Bladecenter Hs23 Firmware
Search vendor "Lenovo" for product "Bladecenter Hs23 Firmware"
< tke170b
Search vendor "Lenovo" for product "Bladecenter Hs23 Firmware" and version " < tke170b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Bladecenter Hs23
Search vendor "Lenovo" for product "Bladecenter Hs23"
--
Safe
Lenovo
Search vendor "Lenovo"
Bladecenter Hs23e Firmware
Search vendor "Lenovo" for product "Bladecenter Hs23e Firmware"
< ahe172b
Search vendor "Lenovo" for product "Bladecenter Hs23e Firmware" and version " < ahe172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Bladecenter Hs23e
Search vendor "Lenovo" for product "Bladecenter Hs23e"
--
Safe
Lenovo
Search vendor "Lenovo"
Compute Node-x440 Firmware
Search vendor "Lenovo" for product "Compute Node-x440 Firmware"
< cge128a
Search vendor "Lenovo" for product "Compute Node-x440 Firmware" and version " < cge128a"
-
Affected
in Lenovo
Search vendor "Lenovo"
Compute Node-x440
Search vendor "Lenovo" for product "Compute Node-x440"
--
Safe
Lenovo
Search vendor "Lenovo"
Flex System X220 Firmware
Search vendor "Lenovo" for product "Flex System X220 Firmware"
< kse170b
Search vendor "Lenovo" for product "Flex System X220 Firmware" and version " < kse170b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Flex System X220
Search vendor "Lenovo" for product "Flex System X220"
--
Safe
Lenovo
Search vendor "Lenovo"
Flex System X240 Firmware
Search vendor "Lenovo" for product "Flex System X240 Firmware"
< b2e172b
Search vendor "Lenovo" for product "Flex System X240 Firmware" and version " < b2e172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Flex System X240
Search vendor "Lenovo" for product "Flex System X240"
--
Safe
Lenovo
Search vendor "Lenovo"
Flex System X440 Firmware
Search vendor "Lenovo" for product "Flex System X440 Firmware"
< cne172b
Search vendor "Lenovo" for product "Flex System X440 Firmware" and version " < cne172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Flex System X440
Search vendor "Lenovo" for product "Flex System X440"
--
Safe
Lenovo
Search vendor "Lenovo"
Nextscale Nx360 M4 Firmware
Search vendor "Lenovo" for product "Nextscale Nx360 M4 Firmware"
< fhe132b
Search vendor "Lenovo" for product "Nextscale Nx360 M4 Firmware" and version " < fhe132b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Nextscale Nx360 M4
Search vendor "Lenovo" for product "Nextscale Nx360 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3300 M4 Firmware
Search vendor "Lenovo" for product "System X3300 M4 Firmware"
< yae166b
Search vendor "Lenovo" for product "System X3300 M4 Firmware" and version " < yae166b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3300 M4
Search vendor "Lenovo" for product "System X3300 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3500 M4 Firmware
Search vendor "Lenovo" for product "System X3500 M4 Firmware"
< y5e170b
Search vendor "Lenovo" for product "System X3500 M4 Firmware" and version " < y5e170b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3500 M4
Search vendor "Lenovo" for product "System X3500 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3530 M4 Firmware
Search vendor "Lenovo" for product "System X3530 M4 Firmware"
< bee174b
Search vendor "Lenovo" for product "System X3530 M4 Firmware" and version " < bee174b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3530 M4
Search vendor "Lenovo" for product "System X3530 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3550 M4 Firmware
Search vendor "Lenovo" for product "System X3550 M4 Firmware"
< d7e174b
Search vendor "Lenovo" for product "System X3550 M4 Firmware" and version " < d7e174b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3550 M4
Search vendor "Lenovo" for product "System X3550 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3630 M4 Firmware
Search vendor "Lenovo" for product "System X3630 M4 Firmware"
< bee174b
Search vendor "Lenovo" for product "System X3630 M4 Firmware" and version " < bee174b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3630 M4
Search vendor "Lenovo" for product "System X3630 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3650 M4 Firmware
Search vendor "Lenovo" for product "System X3650 M4 Firmware"
< vve172b
Search vendor "Lenovo" for product "System X3650 M4 Firmware" and version " < vve172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3650 M4
Search vendor "Lenovo" for product "System X3650 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3650 M4 Bd Firmware
Search vendor "Lenovo" for product "System X3650 M4 Bd Firmware"
< vve172b
Search vendor "Lenovo" for product "System X3650 M4 Bd Firmware" and version " < vve172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3650 M4 Bd
Search vendor "Lenovo" for product "System X3650 M4 Bd"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3650 M4 Hd Firmware
Search vendor "Lenovo" for product "System X3650 M4 Hd Firmware"
< vve172b
Search vendor "Lenovo" for product "System X3650 M4 Hd Firmware" and version " < vve172b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3650 M4 Hd
Search vendor "Lenovo" for product "System X3650 M4 Hd"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3750 M4 Firmware
Search vendor "Lenovo" for product "System X3750 M4 Firmware"
< a5e130a
Search vendor "Lenovo" for product "System X3750 M4 Firmware" and version " < a5e130a"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3750 M4
Search vendor "Lenovo" for product "System X3750 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
System X3750 M4 Firmware
Search vendor "Lenovo" for product "System X3750 M4 Firmware"
< koe170b
Search vendor "Lenovo" for product "System X3750 M4 Firmware" and version " < koe170b"
-
Affected
in Lenovo
Search vendor "Lenovo"
System X3750 M4
Search vendor "Lenovo" for product "System X3750 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
Idataplex Dx360 M4 Firmware
Search vendor "Lenovo" for product "Idataplex Dx360 M4 Firmware"
< tde168b
Search vendor "Lenovo" for product "Idataplex Dx360 M4 Firmware" and version " < tde168b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Idataplex Dx360 M4
Search vendor "Lenovo" for product "Idataplex Dx360 M4"
--
Safe
Lenovo
Search vendor "Lenovo"
Idataplex Dx360 M4 Water Cooled Firmware
Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled Firmware"
< tde168b
Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled Firmware" and version " < tde168b"
-
Affected
in Lenovo
Search vendor "Lenovo"
Idataplex Dx360 M4 Water Cooled
Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled"
--
Safe