CVE-2020-8333 - OpenCVE

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkcentre E73s Thinkstation S30 Firmware Yangtian Tc H81 Pci Firmware Thinkstation S30 Qitian B4550 Yangtian Mf H81 Pci Thinkcentre M4500k Firmware Thinkstation C30 Firmware Yangtian Mf H81 Pci Firmware Yangtian Wf H81 Pci Yangtian Wcc H81 Pci M4500 63 Thinkcentre M4500t M4500 Firmware Thinkstation E32 Firmware Thinkcentre M93z Firmware Yangtian Tc H81 Pci Thinkcentre E73s Firmware Qitian 4500 63 Firmware Yangtian Afh81 Yangtian Mc H81 Firmware M4550 Thinkcentre M9350z Firmware Thinkstation E32 Thinkcentre M4500t Firmware H50-30g Firmware Thinkcentre E93 Firmware H50-30g Qitian M4550 Qitian 4500 Firmware Thinkcentre M9350z Yangtian Wcc H81 Pci Firmware Thinkcentre E73 Yangtian Wf H81 Pci Firmware Thinkstation C30 Thinkcentre M4500s Firmware Thinkstation P300 Firmware Thinkstation D30 Thinkcentre E93 Qitian B4550 Firmware Thinkcentre M4500q Firmware Thinkcentre E73 Firmware Yangtian Mc H81 Thinkstation P300 Thinkcentre M4500q Qitian M4550 Firmware Thinkcentre M4500k Thinkcentre M93z Yangtian Afh81 Firmware Thinkcentre M4500s Thinkstation D30 Firmware M4550 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:63_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:63:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:h50-30g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:h50-30g:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:m4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m4550:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:qitian_4500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_4500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:qitian_b4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_b4550:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:qitian_m4550_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:qitian_m4550:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e73s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_e93_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_e93:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500q:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500t:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m4500s:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:yangtian_afh81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_afh81:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:yangtian_mc_h81_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mc_h81:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:yangtian_mf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_mf_h81_pci:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:yangtian_wf_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wf_h81_pci:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:yangtian_tc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_tc_h81_pci:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:yangtian_wcc_h81_pci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yangtian_wcc_h81_pci:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m9350z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m9350z:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m93z_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m93z:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkstation_c30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_c30:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkstation_d30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_d30:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkstation_e32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_e32:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkstation_p300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_p300:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkstation_s30_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkstation_s30:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-30042	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-24T00:00:00

Updated: 2020-09-24T21:05:26

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8333

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-24T21:15:15.873

Modified: 2020-10-07T01:15:43.870

Link: CVE-2020-8333

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo