CVE & CISA-KEV Catalog

CVE-2020-8336

MEDIUM
6.4
CVSS v3
NVD

Description

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

How to fix

Remediation Available
thinkpad e14 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e15 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e490s firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad e590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l13 1st gen firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l1415 gen 1 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l390 yoga firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad l590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad p1 \(20mx\) firmwareNVD
Affected:< n2eet47wFixed in:n2eet47wCVE-2020-8336derived from NVD
thinkpad p1 \(20qx\) firmwareNVD
Affected:< n2oet44wFixed in:n2oet44wCVE-2020-8336derived from NVD
thinkpad p43s \(20rx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad p52 \(20mx\) firmwareNVD
Affected:< n2cet51w-1.34Fixed in:n2cet51w-1.34CVE-2020-8336derived from NVD
thinkpad p53 \(20qx\) firmwareNVD
Affected:< n2net37wFixed in:n2net37wCVE-2020-8336derived from NVD
thinkpad p53s \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad p72 \(20mx\) firmwareNVD
Affected:< n2cet51wFixed in:n2cet51wCVE-2020-8336derived from NVD
thinkpad p73 \(20qx\) firmwareNVD
Affected:< n2net37wFixed in:n2net37wCVE-2020-8336derived from NVD
thinkpad r14 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad r490 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad r590 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s2 yoga 4th gen firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s3 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad s3 gen 2 firmwareNVD
Affected:< 2020-07-10Fixed in:2020-07-10CVE-2020-8336derived from NVD
thinkpad t490 \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490 \(20qx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490 \(20rx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad t490s \(20nx\) firmwareNVD
Affected:< n2jet87wFixed in:n2jet87wCVE-2020-8336derived from NVD
thinkpad t590 \(20nx\) firmwareNVD
Affected:< n2iet88wFixed in:n2iet88wCVE-2020-8336derived from NVD
thinkpad x1 carbon \(20qx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 carbon \(20rx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 extreme \(20mx\) firmwareNVD
Affected:< n2eet47wFixed in:n2eet47wCVE-2020-8336derived from NVD
thinkpad x1 extreme \(20qx\) firmwareNVD
Affected:< n2oet44wFixed in:n2oet44wCVE-2020-8336derived from NVD
thinkpad x1 yoga \(20qx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x1 yoga \(20sx\) firmwareNVD
Affected:< n2het47wFixed in:n2het47wCVE-2020-8336derived from NVD
thinkpad x390 \(20qx\) firmwareNVD
Affected:< n2jet87wFixed in:n2jet87wCVE-2020-8336derived from NVD
thinkpad x390 \(20sx\) firmwareNVD
Affected:< n2set18wFixed in:n2set18wCVE-2020-8336derived from NVD
thinkpad x390 yoga firmwareNVD
Affected:< n2let74wFixed in:n2let74wCVE-2020-8336derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorPhysical
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.29%probability of exploitation in 30 days
20thpercentile

Low risk: more likely to be exploited than 20% of all known CVEs.

References

Vendor Advisory1
Embed a live status badge for CVE-2020-8336
CVE-2020-8336 severity badge

Markdown

[![CVE-2020-8336](https://tridentstack.com/cve/badge/CVE-2020-8336.svg)](https://tridentstack.com/cve/CVE-2020-8336)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-8336"><img src="https://tridentstack.com/cve/badge/CVE-2020-8336.svg" alt="CVE-2020-8336"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.