Thinkpad E14 Firmware
CVE-2020-8336
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
AnalysisAI
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash. Affected products include: Lenovo Thinkpad E14 Firmware, Lenovo Thinkpad E15 Firmware, Lenovo Thinkpad R14 Firmware, Lenovo Thinkpad S3 Gen 2 Firmware, Lenovo Thinkpad E490S Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Thinkpad E14 Firmware
View allAn internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Rated med
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elev
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad s
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today