CVE-2020-8332
Severity Score
6.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
Una potencial vulnerabilidad en la devolución de llamada de la función SMI utilizada en los controladores USB del modo BIOS heredado en algunos servidores Lenovo e IBM System x heredados puede permitir una ejecución de código arbitraria. Los servidores que funcionan en modo UEFI no están afectados
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-28 CVE Reserved
- 2020-10-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-38625 | 2020-10-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Bladecenter Hs23 Firmware Search vendor "Lenovo" for product "Bladecenter Hs23 Firmware" | < tke170b Search vendor "Lenovo" for product "Bladecenter Hs23 Firmware" and version " < tke170b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Bladecenter Hs23 Search vendor "Lenovo" for product "Bladecenter Hs23" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Bladecenter Hs23e Firmware Search vendor "Lenovo" for product "Bladecenter Hs23e Firmware" | < ahe172b Search vendor "Lenovo" for product "Bladecenter Hs23e Firmware" and version " < ahe172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Bladecenter Hs23e Search vendor "Lenovo" for product "Bladecenter Hs23e" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Compute Node-x440 Firmware Search vendor "Lenovo" for product "Compute Node-x440 Firmware" | < cge128a Search vendor "Lenovo" for product "Compute Node-x440 Firmware" and version " < cge128a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Compute Node-x440 Search vendor "Lenovo" for product "Compute Node-x440" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Flex System X220 Firmware Search vendor "Lenovo" for product "Flex System X220 Firmware" | < kse170b Search vendor "Lenovo" for product "Flex System X220 Firmware" and version " < kse170b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex System X220 Search vendor "Lenovo" for product "Flex System X220" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Flex System X240 Firmware Search vendor "Lenovo" for product "Flex System X240 Firmware" | < b2e172b Search vendor "Lenovo" for product "Flex System X240 Firmware" and version " < b2e172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex System X240 Search vendor "Lenovo" for product "Flex System X240" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Flex System X440 Firmware Search vendor "Lenovo" for product "Flex System X440 Firmware" | < cne172b Search vendor "Lenovo" for product "Flex System X440 Firmware" and version " < cne172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Flex System X440 Search vendor "Lenovo" for product "Flex System X440" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Nextscale Nx360 M4 Firmware Search vendor "Lenovo" for product "Nextscale Nx360 M4 Firmware" | < fhe132b Search vendor "Lenovo" for product "Nextscale Nx360 M4 Firmware" and version " < fhe132b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Nextscale Nx360 M4 Search vendor "Lenovo" for product "Nextscale Nx360 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3300 M4 Firmware Search vendor "Lenovo" for product "System X3300 M4 Firmware" | < yae166b Search vendor "Lenovo" for product "System X3300 M4 Firmware" and version " < yae166b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3300 M4 Search vendor "Lenovo" for product "System X3300 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3500 M4 Firmware Search vendor "Lenovo" for product "System X3500 M4 Firmware" | < y5e170b Search vendor "Lenovo" for product "System X3500 M4 Firmware" and version " < y5e170b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3500 M4 Search vendor "Lenovo" for product "System X3500 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3530 M4 Firmware Search vendor "Lenovo" for product "System X3530 M4 Firmware" | < bee174b Search vendor "Lenovo" for product "System X3530 M4 Firmware" and version " < bee174b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3530 M4 Search vendor "Lenovo" for product "System X3530 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3550 M4 Firmware Search vendor "Lenovo" for product "System X3550 M4 Firmware" | < d7e174b Search vendor "Lenovo" for product "System X3550 M4 Firmware" and version " < d7e174b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3550 M4 Search vendor "Lenovo" for product "System X3550 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3630 M4 Firmware Search vendor "Lenovo" for product "System X3630 M4 Firmware" | < bee174b Search vendor "Lenovo" for product "System X3630 M4 Firmware" and version " < bee174b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3630 M4 Search vendor "Lenovo" for product "System X3630 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3650 M4 Firmware Search vendor "Lenovo" for product "System X3650 M4 Firmware" | < vve172b Search vendor "Lenovo" for product "System X3650 M4 Firmware" and version " < vve172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3650 M4 Search vendor "Lenovo" for product "System X3650 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3650 M4 Bd Firmware Search vendor "Lenovo" for product "System X3650 M4 Bd Firmware" | < vve172b Search vendor "Lenovo" for product "System X3650 M4 Bd Firmware" and version " < vve172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3650 M4 Bd Search vendor "Lenovo" for product "System X3650 M4 Bd" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3650 M4 Hd Firmware Search vendor "Lenovo" for product "System X3650 M4 Hd Firmware" | < vve172b Search vendor "Lenovo" for product "System X3650 M4 Hd Firmware" and version " < vve172b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3650 M4 Hd Search vendor "Lenovo" for product "System X3650 M4 Hd" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3750 M4 Firmware Search vendor "Lenovo" for product "System X3750 M4 Firmware" | < a5e130a Search vendor "Lenovo" for product "System X3750 M4 Firmware" and version " < a5e130a" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3750 M4 Search vendor "Lenovo" for product "System X3750 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | System X3750 M4 Firmware Search vendor "Lenovo" for product "System X3750 M4 Firmware" | < koe170b Search vendor "Lenovo" for product "System X3750 M4 Firmware" and version " < koe170b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | System X3750 M4 Search vendor "Lenovo" for product "System X3750 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Idataplex Dx360 M4 Firmware Search vendor "Lenovo" for product "Idataplex Dx360 M4 Firmware" | < tde168b Search vendor "Lenovo" for product "Idataplex Dx360 M4 Firmware" and version " < tde168b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Idataplex Dx360 M4 Search vendor "Lenovo" for product "Idataplex Dx360 M4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Idataplex Dx360 M4 Water Cooled Firmware Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled Firmware" | < tde168b Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled Firmware" and version " < tde168b" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Idataplex Dx360 M4 Water Cooled Search vendor "Lenovo" for product "Idataplex Dx360 M4 Water Cooled" | - | - |
Safe
|