CVE-2020-8332 — MEDIUM (6.4)

Q: How severe is CVE-2020-8332?

CVE-2020-8332 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8332?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Bladecenter Hs23 Firmware, Lenovo Bladecenter Hs23, Lenovo Bladecenter Hs23E Firmware, Lenovo Bladecenter Hs23E, Lenovo Compute Node-X440 Firmware.

Vulnerability Description

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Bladecenter Hs23 Firmware	< tke170b
Lenovo	Bladecenter Hs23	-
Lenovo	Bladecenter Hs23E Firmware	< ahe172b
Lenovo	Bladecenter Hs23E	-
Lenovo	Compute Node-X440 Firmware	< cge128a
Lenovo	Compute Node-X440	-
Lenovo	Flex System X220 Firmware	< kse170b
Lenovo	Flex System X220	-
Lenovo	Flex System X240 Firmware	< b2e172b
Lenovo	Flex System X240	-
Lenovo	Flex System X440 Firmware	< cne172b
Lenovo	Flex System X440	-
Lenovo	Nextscale Nx360 M4 Firmware	< fhe132b
Lenovo	Nextscale Nx360 M4	-
Lenovo	System X3300 M4 Firmware	< yae166b
Lenovo	System X3300 M4	-
Lenovo	System X3500 M4 Firmware	< y5e170b
Lenovo	System X3500 M4	-
Lenovo	System X3530 M4 Firmware	< bee174b
Lenovo	System X3530 M4	-

Related Weaknesses (CWE)

CWE-367

References

https://support.lenovo.com/us/en/product_security/LEN-38625Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-38625Vendor Advisory

FAQ

What is CVE-2020-8332?

CVE-2020-8332 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in ...

How severe is CVE-2020-8332?

CVE-2020-8332 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8332?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Bladecenter Hs23 Firmware, Lenovo Bladecenter Hs23, Lenovo Bladecenter Hs23E Firmware, Lenovo Bladecenter Hs23E, Lenovo Compute Node-X440 Firmware.