CVE-2020-8320
moderate-risk
Published 2020-06-09
An internal shell was included in the BIOS image in some ThinkPad models that could allow escalation of privilege.
Do I need to act?
- EPSS score: 0.05% chance of exploitation (low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.4/10 · Medium · PHYSICAL / HIGH complexity
Affected Products (20)
Thinkpad 11E Yoga Gen 6 Firmware
Thinkpad 11E Firmware
Thinkpad Yoga 11E 3rd Gen Firmware
Thinkpad Yoga 11E 4th Gen Firmware
Thinkpad Yoga 11E 5th Gen Firmware
Thinkpad 13 2nd Gen Firmware
Thinkpad 13 Firmware
Thinkpad A275 Firmware
Thinkpad A285 Firmware
Thinkpad A475 Firmware
Thinkpad A485 Firmware
Thinkpad E14 Firmware
Thinkpad E15 Firmware
Thinkpad R14 Firmware
Thinkpad S3 Gen 2 Firmware
Thinkpad E455 Firmware
Thinkpad E555 Firmware
Thinkpad E460 Firmware
Thinkpad E560 Firmware
Thinkpad E465 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042
47 / 100 · moderate-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
30/34 · Critical