CVE-2020-8335 — MEDIUM (6.1)

Q: How severe is CVE-2020-8335?

CVE-2020-8335 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8335?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad A275 Firmware, Lenovo Thinkpad A275, Lenovo Thinkpad A285 Firmware, Lenovo Thinkpad A285, Lenovo Thinkpad A475 Firmware.

Vulnerability Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkpad A275 Firmware	< 2020-08-30
Lenovo	Thinkpad A275	-
Lenovo	Thinkpad A285 Firmware	< 2020-08-30
Lenovo	Thinkpad A285	-
Lenovo	Thinkpad A475 Firmware	< 2020-08-30
Lenovo	Thinkpad A475	-
Lenovo	Thinkpad A485 Firmware	< 2020-08-30
Lenovo	Thinkpad A485	-
Lenovo	Thinkpad T495 Drift Firmware	< 2020-08-30
Lenovo	Thinkpad T495 Drift	-
Lenovo	Thinkpad T495S Jazz Firmware	< 2020-08-30
Lenovo	Thinkpad T495S Jazz	-
Lenovo	Thinkpad X1 Carbon \(20Bx\) Firmware	< n14et54w
Lenovo	Thinkpad X1 Carbon \(20Bx\)	-
Lenovo	Thinkpad X395 Firmware	< 2020-08-30
Lenovo	Thinkpad X395	-

References

https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-30042Vendor Advisory

FAQ

What is CVE-2020-8335?

CVE-2020-8335 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS ver...

How severe is CVE-2020-8335?

CVE-2020-8335 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8335?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad A275 Firmware, Lenovo Thinkpad A275, Lenovo Thinkpad A285 Firmware, Lenovo Thinkpad A285, Lenovo Thinkpad A475 Firmware.