Skip to main content

Thinkpad 11E Yoga Gen 6 Firmware CVE-2020-8320

MEDIUM
Active Debug Code (CWE-489)
2020-06-09 psirt@lenovo.com
Privilege Escalation Thinkpad 11E Yoga Gen 6 Firmware Thinkpad 11E Firmware Thinkpad Yoga 11E 3Rd Gen Firmware Thinkpad Yoga 11E 4Th Gen Firmware Thinkpad Yoga 11E 5Th Gen Firmware Thinkpad 13 2Nd Gen Firmware Thinkpad 13 Firmware Thinkpad A275 Firmware Thinkpad A285 Firmware Thinkpad A475 Firmware Thinkpad A485 Firmware Thinkpad E14 Firmware Thinkpad E15 Firmware Thinkpad R14 Firmware Thinkpad S3 Gen 2 Firmware Thinkpad E455 Firmware Thinkpad E555 Firmware Thinkpad E460 Firmware Thinkpad E560 Firmware Thinkpad E465 Firmware Thinkpad E565 Firmware Thinkpad E470 Firmware Thinkpad E570 Firmware Thinkpad E475 Firmware Thinkpad E575 Firmware Thinkpad E480 Firmware Thinkpad E580 Firmware Thinkpad E485 Firmware Thinkpad E585 Firmware Thinkpad E490S Firmware Thinkpad S3 Firmware Thinkpad E490 Firmware Thinkpad E590 Firmware Thinkpad R490 Firmware Thinkpad R590 Firmware Thinkpad L13 Firmware Thinkpad L1415 Firmware Thinkpad L380 Firmware Thinkpad S3 3Rd Gen Firmware Thinkpad L380 Yoga Firmware Thinkpad S2 Yoga 3Rd Gen Firmware Thinkpad L390 Yoga Firmware Thinkpad S2 Yoga 4Th Gen Firmware Thinkpad L460 Firmware Thinkpad L470 Firmware Thinkpad L480 Firmware Thinkpad L580 Firmware Thinkpad L490 Firmware Thinkpad L590 Firmware Thinkpad L560 Firmware Thinkpad L570 Firmware Thinkpad P1 Firmware Thinkpad P43S Firmware Thinkpad P50 Firmware Thinkpad P50S Firmware Thinkpad P51 Firmware Thinkpad P51S Firmware Thinkpad P52 Firmware Thinkpad P52S Firmware Thinkpad P53 Firmware Thinkpad P53S Firmware Thinkpad P70 Firmware Thinkpad P71 Firmware Thinkpad P72 Firmware Thinkpad P73 Firmware Thinkpad S5 2Nd Gen Firmware Thinkpad S5 Firmware Thinkpad E560P Firmware Thinkpad T25 Firmware Thinkpad T460 Firmware Thinkpad T460P Firmware Thinkpad T460S Firmware Thinkpad T470 Firmware Thinkpad T470P Firmware Thinkpad T470S Firmware Thinkpad T480 Firmware Thinkpad T480S Firmware Thinkpad T490 Firmware Thinkpad T490S Firmware Thinkpad T560 Firmware Thinkpad T570 Firmware Thinkpad T580 Firmware Thinkpad T590 Firmware Thinkpad X1 Carbon Firmware Thinkpad X1 Yoga Firmware Thinkpad X1 Extreme Firmware Thinkpad X1 Tablet Firmware Thinkpad X260 Firmware Thinkpad X270 Firmware Thinkpad X280 Firmware Thinkpad X380 Yoga Firmware Thinkpad X390 Firmware Thinkpad X390 Yoga Firmware Thinkpad X395 Firmware Thinkpad Yoga 260 Firmware Thinkpad S1 Firmware Thinkpad Yoga 370 Firmware Thinkpad S1 3Rd Firmware Thinkpad T495 Firmware Thinkpad T495S Firmware
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 09, 2020 - 20:15 nvd
MEDIUM 6.8

DescriptionNVD

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

AnalysisAI

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-489. An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Affected products include: Lenovo Thinkpad 11E Yoga Gen 6 Firmware, Lenovo Thinkpad 11E Firmware, Lenovo Thinkpad Yoga 11E 3Rd Gen Firmware, Lenovo Thinkpad Yoga 11E 4Th Gen Firmware, Lenovo Thinkpad Yoga 11E 5Th Gen Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-8320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy