CVE-2020-8334

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

CVSS v3.0 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-30042	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*

Information

Published : 2020-06-09 13:15

Updated : 2021-07-21 04:39

NVD link : CVE-2020-8334

Mitre link : CVE-2020-8334

JSON object : View

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

Advertisement

Products Affected

lenovo

thinkpad_a275_firmware
thinkpad_a285_firmware
thinkpad_x395
thinkpad_a275
thinkpad_a285
thinkpad_t495s_firmware
thinkpad_t495
thinkpad_a475_firmware
thinkpad_t495_firmware
thinkpad_t495s
thinkpad_a475
thinkpad_a485_firmware
thinkpad_a485
thinkpad_x395_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-30042", "name": "https://support.lenovo.com/us/en/product_security/LEN-30042", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-754"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-8334", "ASSIGNER": "psirt@lenovo.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}}, "publishedDate": "2020-06-09T20:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-21T11:39Z"}