CVE-2020-8320

Name: CVE-2020-8320
Creator: NVD / NIST
Published: 2020-06-09T20:15:22.117+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2020-8320 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.27%

18.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Lenovo	Thinkpad 11e Yoga Gen 6 Firmware	< 2020-07-10
Lenovo	Thinkpad 11e Firmware	< 2020-07-10
Lenovo	Thinkpad Yoga 11e 3rd Gen Firmware	< 2020-07-10
Lenovo	Thinkpad Yoga 11e 4th Gen Firmware	< 2020-07-10
Lenovo	Thinkpad Yoga 11e 5th Gen Firmware	< 2020-07-10
Lenovo	Thinkpad 13 2nd Gen Firmware	< 2020-07-10
Lenovo	Thinkpad 13 Firmware	< 2020-07-10
Lenovo	Thinkpad A275 Firmware	< 2020-07-10
Lenovo	Thinkpad A285 Firmware	< 2020-07-10
Lenovo	Thinkpad A475 Firmware	< 2020-07-10
Lenovo	Thinkpad A485 Firmware	< 2020-07-10
Lenovo	Thinkpad E14 Firmware	< 2020-07-10
Lenovo	Thinkpad E15 Firmware	< 2020-07-10
Lenovo	Thinkpad R14 Firmware	< 2020-07-10
Lenovo	Thinkpad S3 Gen 2 Firmware	< 2020-07-10
Lenovo	Thinkpad E455 Firmware	< 2020-07-10
Lenovo	Thinkpad E555 Firmware	< 2020-07-10
Lenovo	Thinkpad E460 Firmware	< 2020-07-10
Lenovo	Thinkpad E560 Firmware	< 2020-07-10
Lenovo	Thinkpad E465 Firmware	< 2020-07-10
Lenovo	Thinkpad E565 Firmware	< 2020-07-10
Lenovo	Thinkpad E470 Firmware	< 2020-07-10
Lenovo	Thinkpad E570 Firmware	< 2020-07-10
Lenovo	Thinkpad E475 Firmware	< 2020-07-10
Lenovo	Thinkpad E575 Firmware	< 2020-07-10
Lenovo	Thinkpad E480 Firmware	< 2020-07-10
Lenovo	Thinkpad E580 Firmware	< 2020-07-10
Lenovo	Thinkpad E485 Firmware	< 2020-07-10
Lenovo	Thinkpad E585 Firmware	< 2020-07-10
Lenovo	Thinkpad E490s Firmware	< 2020-07-10
Lenovo	Thinkpad S3 Firmware	< 2020-07-10
Lenovo	Thinkpad E490 Firmware	< 2020-07-10
Lenovo	Thinkpad E590 Firmware	< 2020-07-10
Lenovo	Thinkpad R490 Firmware	< 2020-07-10
Lenovo	Thinkpad R590 Firmware	< 2020-07-10
Lenovo	Thinkpad L13 Firmware	< 2020-07-10
Lenovo	Thinkpad L1415 Firmware	< 2020-07-10
Lenovo	Thinkpad L380 Firmware	< 2020-07-10
Lenovo	Thinkpad S3 3rd Gen Firmware	< 2020-07-10
Lenovo	Thinkpad L380 Yoga Firmware	< 2020-07-10
Lenovo	Thinkpad S2 Yoga 3rd Gen Firmware	< 2020-07-10
Lenovo	Thinkpad L390 Yoga Firmware	< 2020-07-10
Lenovo	Thinkpad S2 Yoga 4th Gen Firmware	< 2020-07-10
Lenovo	Thinkpad L460 Firmware	< 2020-07-10
Lenovo	Thinkpad L470 Firmware	< 2020-07-10
Lenovo	Thinkpad L480 Firmware	< 2020-07-10
Lenovo	Thinkpad L580 Firmware	< 2020-07-10
Lenovo	Thinkpad L490 Firmware	< 2020-07-10
Lenovo	Thinkpad L590 Firmware	< 2020-07-10
Lenovo	Thinkpad L560 Firmware	< 2020-07-03

Showing 50 of 100 affected configurations. See NVD for the full list.

References

https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory

Timeline

Published: Jun 9, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-8320?

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

How severe is CVE-2020-8320?

CVE-2020-8320 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2020-8320?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-8320?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST