Lucene search

[email protected]CVE-2020-8335

HistorySep 01, 2020 - 10:15 p.m.

CVE-2020-8335

2020-09-0122:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2020-8335

bios tamper detection

lenovo

thinkpad a285

thinkpad a485

t495

t495s

x395

unauthorized access

nvd.

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.9%

JSON

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

CPENameOperatorVersion
lenovo:thinkpad_a275_firmwarelenovo thinkpad a275 firmwarelt2020-08-30
lenovo:thinkpad_a285_firmwarelenovo thinkpad a285 firmwarelt2020-08-30
lenovo:thinkpad_a475_firmwarelenovo thinkpad a475 firmwarelt2020-08-30
lenovo:thinkpad_a485_firmwarelenovo thinkpad a485 firmwarelt2020-08-30
lenovo:thinkpad_t495_drift_firmwarelenovo thinkpad t495 drift firmwarelt2020-08-30
lenovo:thinkpad_t495s_jazz_firmwarelenovo thinkpad t495s jazz firmwarelt2020-08-30
lenovo:thinkpad_x1_carbon_\(20bx\)_firmwarelenovo thinkpad x1 carbon \(20bx\) firmwareltn14et54w
lenovo:thinkpad_x395_firmwarelenovo thinkpad x395 firmwarelt2020-08-30

CPE	Name	Operator	Version
lenovo:thinkpad_a275_firmware	lenovo thinkpad a275 firmware	lt	2020-08-30
lenovo:thinkpad_a285_firmware	lenovo thinkpad a285 firmware	lt	2020-08-30
lenovo:thinkpad_a475_firmware	lenovo thinkpad a475 firmware	lt	2020-08-30
lenovo:thinkpad_a485_firmware	lenovo thinkpad a485 firmware	lt	2020-08-30
lenovo:thinkpad_t495_drift_firmware	lenovo thinkpad t495 drift firmware	lt	2020-08-30
lenovo:thinkpad_t495s_jazz_firmware	lenovo thinkpad t495s jazz firmware	lt	2020-08-30
lenovo:thinkpad_x1_carbon_\(20bx\)_firmware	lenovo thinkpad x1 carbon \(20bx\) firmware	lt	n14et54w
lenovo:thinkpad_x395_firmware	lenovo thinkpad x395 firmware	lt	2020-08-30

References

support.lenovo.com/us/en/product_security/LEN-30042

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for CVE-2020-8335

prion1 lenovo1