Sign-up

ID

VAR-202009-1520


CVE

CVE-2020-8333


TITLE

plural  Lenovo Desktop  and  ThinkStation  Vulnerability in the model

Trust: 0.8

sources: JVNDB: JVNDB-2020-011859

DESCRIPTION

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution. plural Lenovo Desktop and ThinkStation There are unspecified vulnerabilities in the model.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-8333 // JVNDB: JVNDB-2020-011859 // VULMON: CVE-2020-8333

AFFECTED PRODUCTS

vendor:lenovomodel:thinkcentre e73scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500sscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkstation e32scope:ltversion:fbktdea

Trust: 1.0

vendor:lenovomodel:thinkcentre e93scope:ltversion:fbktdea

Trust: 1.0

vendor:lenovomodel:qitian m4550scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkstation d30scope:ltversion:a3kt70a

Trust: 1.0

vendor:lenovomodel:63scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian mc h81scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkcentre m9350zscope:ltversion:fekta2a

Trust: 1.0

vendor:lenovomodel:qitian b4550scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian wcc h81 pciscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkstation s30scope:ltversion:a2kt70a

Trust: 1.0

vendor:lenovomodel:m4500scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkcentre e73sscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkstation c30scope:ltversion:a3kt70a

Trust: 1.0

vendor:lenovomodel:thinkcentre m93zscope:ltversion:fekta2a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500qscope:ltversion:fhkt85a

Trust: 1.0

vendor:lenovomodel:thinkstation p300scope:ltversion:a2kt70a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500kscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:h50-30gscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:m4550scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian mf h81 pciscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian afh81scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500tscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian wf h81 pciscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:yangtian tc h81 pciscope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:qitian 4500scope:ltversion:fckt98a

Trust: 1.0

vendor:lenovomodel:63scope: - version: -

Trust: 0.8

vendor:lenovomodel:h50-30g desktopscope: - version: -

Trust: 0.8

vendor:lenovomodel:m4500scope: - version: -

Trust: 0.8

vendor:lenovomodel:m4550scope: - version: -

Trust: 0.8

vendor:lenovomodel:qitian 4500scope: - version: -

Trust: 0.8

vendor:lenovomodel:qitian b4550scope: - version: -

Trust: 0.8

vendor:lenovomodel:qitian m4550scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e73sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e73scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e93scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011859 // NVD: CVE-2020-8333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8333
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2020-8333
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-8333
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-1648
value: HIGH

Trust: 0.6

VULMON: CVE-2020-8333
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8333
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-8333
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2020-8333
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-8333
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-8333 // JVNDB: JVNDB-2020-011859 // CNNVD: CNNVD-202006-1648 // NVD: CVE-2020-8333 // NVD: CVE-2020-8333

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011859 // NVD: CVE-2020-8333

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1648

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1648

PATCH

title:LEN-30042url:https://support.lenovo.com/us/en/product_security/LEN-30042

Trust: 0.8

title:Multiple Lenovo Desktops and ThinkStation Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122697

Trust: 0.6

sources: JVNDB: JVNDB-2020-011859 // CNNVD: CNNVD-202006-1648

EXTERNAL IDS

db:NVDid:CVE-2020-8333

Trust: 2.5

db:LENOVOid:LEN-30042

Trust: 1.7

db:JVNDBid:JVNDB-2020-011859

Trust: 0.8

db:CNNVDid:CNNVD-202006-1648

Trust: 0.6

db:VULMONid:CVE-2020-8333

Trust: 0.1

sources: VULMON: CVE-2020-8333 // JVNDB: JVNDB-2020-011859 // CNNVD: CNNVD-202006-1648 // NVD: CVE-2020-8333

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-30042

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8333

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-8333 // JVNDB: JVNDB-2020-011859 // CNNVD: CNNVD-202006-1648 // NVD: CVE-2020-8333

SOURCES

db:VULMONid:CVE-2020-8333
db:JVNDBid:JVNDB-2020-011859
db:CNNVDid:CNNVD-202006-1648
db:NVDid:CVE-2020-8333

LAST UPDATE DATE

2024-08-14T12:57:56.022000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-8333date:2020-10-07T00:00:00
db:JVNDBid:JVNDB-2020-011859date:2021-04-16T07:52:00
db:CNNVDid:CNNVD-202006-1648date:2021-03-10T00:00:00
db:NVDid:CVE-2020-8333date:2020-10-07T01:15:43.870

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-8333date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-011859date:2021-04-16T00:00:00
db:CNNVDid:CNNVD-202006-1648date:2020-06-09T00:00:00
db:NVDid:CVE-2020-8333date:2020-09-24T21:15:15.873