CVE-2020-8334 - OpenCVE

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad X395 Firmware Thinkpad A275 Firmware Thinkpad A475 Thinkpad A285 Firmware Thinkpad T495 Thinkpad A275 Thinkpad T495s Firmware Thinkpad T495 Firmware Thinkpad A485 Firmware Thinkpad A475 Firmware Thinkpad A285 Thinkpad T495s Thinkpad A485 Thinkpad X395

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-30042	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-06-09T00:00:00

Updated: 2020-06-09T19:50:37

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8334

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-09T20:15:22.600

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-8334

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"containers": {"cna": {"affected": [{"product": "BIOS", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Zoltan Harmath"}], "datePublic": "2020-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "unauthorized access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-09T19:50:37", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042"}], "solutions": [{"lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042."}], "source": {"advisory": "LEN-30042", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-06-09T18:00:00.000Z", "ID": "CVE-2020-8334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIOS", "version": {"version_data": [{"version_affected": "=", "version_value": "various"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Zoltan Harmath"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unauthorized access"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-30042"}]}, "solution": [{"lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-30042."}], "source": {"advisory": "LEN-30042", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8334", "datePublished": "2020-06-09T00:00:00", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-06-09T19:50:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE13B602-1151-403A-B26F-5CCF6BA7034D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*", "matchCriteriaId": "549B577D-FAF3-4040-AB84-EC89619C438D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "476D392B-6CFA-41C0-BB10-FFF6291CE370", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9D5D2DC-32C0-4540-82AF-D97735383028", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8325C978-9B75-40FE-AC15-7ED77FA03FC2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*", "matchCriteriaId": "59D1AB23-EF93-48F6-BB7C-BC809EB69163", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9719CB03-23EA-4E58-80B9-F08A9EB7B447", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*", "matchCriteriaId": "37B871C5-73F4-43FF-BCF1-B9B1B52FAC31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56C6F654-B6BC-4F04-8482-2D45893B95E0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*", "matchCriteriaId": "259D895B-9968-41CF-8DB4-FAAB5A4C04AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE3B50D-634C-49E7-A8A9-2E00A535D3F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE1D9347-9561-45A3-A434-3A0802BC8953", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "279A45F5-A139-449B-B054-A39217E2AC66", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*", "matchCriteriaId": "577AACCC-001A-4C73-B036-CA942080304F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access."}, {"lang": "es", "value": "El mecanismo de detecci\u00f3n de manipulaci\u00f3n del BIOS no se activ\u00f3 en Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275, lo que puede permitir un acceso no autorizado"}], "id": "CVE-2020-8334", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-06-09T20:15:22.600", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-30042"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}