CVE-2020-8335
Severity Score
6.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
El mecanismo de detección de alteraciones del BIOS no fue activado en Lenovo ThinkPad A285, versiones de BIOS hasta r0xuj70w; A485, versiones de BIOS hasta r0wuj65w; T495 versiones de BIOS hasta r12uj55w; T495s/X395 versiones de BIOS hasta r13uj47w, mientras es presionado el botón de reinicio de emergencia que puede permitir un acceso no autorizado
*Credits:
Lenovo thanks Zoltan Harmath for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-28 CVE Reserved
- 2020-09-01 CVE Published
- 2023-05-18 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | 2020-09-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkpad A275 Firmware Search vendor "Lenovo" for product "Thinkpad A275 Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad A275 Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad A275 Search vendor "Lenovo" for product "Thinkpad A275" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad A285 Firmware Search vendor "Lenovo" for product "Thinkpad A285 Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad A285 Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad A285 Search vendor "Lenovo" for product "Thinkpad A285" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad A475 Firmware Search vendor "Lenovo" for product "Thinkpad A475 Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad A475 Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad A475 Search vendor "Lenovo" for product "Thinkpad A475" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad A485 Firmware Search vendor "Lenovo" for product "Thinkpad A485 Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad A485 Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad A485 Search vendor "Lenovo" for product "Thinkpad A485" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T495 Drift Firmware Search vendor "Lenovo" for product "Thinkpad T495 Drift Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad T495 Drift Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T495 Drift Search vendor "Lenovo" for product "Thinkpad T495 Drift" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T495s Jazz Firmware Search vendor "Lenovo" for product "Thinkpad T495s Jazz Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad T495s Jazz Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T495s Jazz Search vendor "Lenovo" for product "Thinkpad T495s Jazz" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X1 Carbon \(20bx\) Firmware Search vendor "Lenovo" for product "Thinkpad X1 Carbon \(20bx\) Firmware" | < n14et54w Search vendor "Lenovo" for product "Thinkpad X1 Carbon \(20bx\) Firmware" and version " < n14et54w" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X1 Carbon \(20bx\) Search vendor "Lenovo" for product "Thinkpad X1 Carbon \(20bx\)" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad X395 Firmware Search vendor "Lenovo" for product "Thinkpad X395 Firmware" | < 2020-08-30 Search vendor "Lenovo" for product "Thinkpad X395 Firmware" and version " < 2020-08-30" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X395 Search vendor "Lenovo" for product "Thinkpad X395" | - | - |
Safe
|