CVE-2020-8334

Published: Jun 9, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

Affected (7)

Products: Lenovo: Thinkpad T495s Firmware, Thinkpad X395 Firmware, Thinkpad T495 Firmware, Thinkpad A485 Firmware, Thinkpad A285 Firmware, Thinkpad A475 Firmware, Thinkpad A275 Firmware

Lenovo

7 products

Thinkpad T495s Firmware

Thinkpad X395 Firmware

Thinkpad T495 Firmware

Thinkpad A485 Firmware

Thinkpad A285 Firmware

Thinkpad A475 Firmware

Thinkpad A275 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T495s Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad T495s	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad X395 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad X395	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad T495 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad T495	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad A485 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad A485	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad A285 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad A285	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad A475 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad A475	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkpad A275 Firmware	All versions

Running on/with	Platform Versions
Lenovo Thinkpad A275	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-30042

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.