CVE-2020-8333

Home/CVE/A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStatio

CVE

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStatio

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution.

MEDIUM · CVSS 6.4 EPSS 0.00038

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

lenovo 63 firmware< fckt98a
lenovo h50-30g firmware< fckt98a
lenovo m4500 firmware< fckt98a
lenovo m4550 firmware< fckt98a
lenovo qitian 4500 firmware< fckt98a
lenovo qitian b4550 firmware< fckt98a
lenovo qitian m4550 firmware< fckt98a
lenovo thinkcentre e73 firmware< fckt98a
Show all 27 affected productslenovo thinkcentre e73s firmware< fckt98a
lenovo thinkcentre e93 firmware< fbktdea
lenovo thinkcentre m4500k firmware< fckt98a
lenovo thinkcentre m4500q firmware< fhkt85a
lenovo thinkcentre m4500t firmware< fckt98a
lenovo thinkcentre m4500s firmware< fckt98a
lenovo yangtian afh81 firmware< fckt98a
lenovo yangtian mc h81 firmware< fckt98a
lenovo yangtian mf h81 pci firmware< fckt98a
lenovo yangtian wf h81 pci firmware< fckt98a
lenovo yangtian tc h81 pci firmware< fckt98a
lenovo yangtian wcc h81 pci firmware< fckt98a
lenovo thinkcentre m9350z firmware< fekta2a
lenovo thinkcentre m93z firmware< fekta2a
lenovo thinkstation c30 firmware< a3kt70a
lenovo thinkstation d30 firmware< a3kt70a
lenovo thinkstation e32 firmware< fbktdea
lenovo thinkstation p300 firmware< a2kt70a
lenovo thinkstation s30 firmware< a2kt70a

▣

Scoring & Timeline

6.4

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD24 Sep 2020 · 09:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-30042PatchVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin