CVE-2020-8334 — Improper Check for Unusual or Exceptional Conditions in Lenovo Bios

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.8MEDIUMNVD

CNA6.1

EPSS

0.1%

top 80.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Bios

Timeline

PublishedJun 9

Latest updateMay 24

Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5lenovo/biosvarious

🔴Vulnerability Details

GHSA

GHSA-9x9m-j8v4-cx96: The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized ac↗2022-05-24

▶

CVEList

CVE-2020-8334: The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized ac↗2020-06-09

▶