CVE-2020-8335 — Lenovo Thinkpad A285 Bios vulnerability

3 documents3 sources

Severity

6.8MEDIUMNVD

CNA6.1

EPSS

0.1%

top 78.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkpad A285 Bios Lenovo Thinkpad A485 Bios Lenovo Thinkpad T495 Bios +9 more

Timeline

PublishedSep 1

Latest updateMay 24

Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages12 packages

▶CVEListV5lenovo/thinkpad_t495s_x395_biosunspecified — r13uj47w

▶CVEListV5lenovo/thinkpad_a285_biosunspecified — r0xuj70w

▶CVEListV5lenovo/thinkpad_a485_biosunspecified — r0wuj65w

▶CVEListV5lenovo/thinkpad_t495_biosunspecified — r12uj55w

▶NVDlenovo/thinkpad_t495s_jazz_firmware< 2020-08-30

🔴Vulnerability Details

GHSA

GHSA-fvh7-v69p-hj2v: The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495↗2022-05-24

▶

CVEList

CVE-2020-8335: The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495↗2020-09-01

▶