CVE-2020-8335 - OpenCVE

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad X1 Carbon \(20bx\) Firmware Thinkpad A275 Firmware Thinkpad T495s Jazz Thinkpad X395 Firmware Thinkpad A285 Firmware Thinkpad T495 Drift Firmware Thinkpad A275 Thinkpad X1 Carbon \(20bx\) Thinkpad X395 Thinkpad A485 Firmware Thinkpad T495s Jazz Firmware Thinkpad A285 Thinkpad T495 Drift Thinkpad A475 Firmware Thinkpad A485 Thinkpad A475

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a275_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a285_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a475_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_a485_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t495_drift_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495_drift:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t495s_jazz_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495s_jazz:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20bx\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20bx\):-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x395_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-30042	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-01T00:00:00

Updated: 2020-09-01T21:30:16

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8335

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-01T22:15:10.313

Modified: 2020-09-10T14:56:52.297

Link: CVE-2020-8335

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo