Thinkpad 11E Yoga Gen 6 Firmware
CVE-2020-8320
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
AnalysisAI
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-489. An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Affected products include: Lenovo Thinkpad 11E Yoga Gen 6 Firmware, Lenovo Thinkpad 11E Firmware, Lenovo Thinkpad Yoga 11E 3Rd Gen Firmware, Lenovo Thinkpad Yoga 11E 4Th Gen Firmware, Lenovo Thinkpad Yoga 11E 5Th Gen Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad s
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhan
Same weakness CWE-489 – Active Debug Code
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today