CVE-2020-8335

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

Published: Sep 2, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8335
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lenovo / thinkpad_a275_firmware	-	2020-08-30
lenovo / thinkpad_a285_firmware	-	2020-08-30
lenovo / thinkpad_a475_firmware	-	2020-08-30
lenovo / thinkpad_a485_firmware	-	2020-08-30
lenovo / thinkpad_t495_drift_firmware	-	2020-08-30
lenovo / thinkpad_t495s_jazz_firmware	-	2020-08-30
lenovo / thinkpad_x1_carbon_(20bx)_firmware	-	n14et54w
lenovo / thinkpad_x395_firmware	-	2020-08-30

https://support.lenovo.com/us/en/product_security/LEN-30042

Vulnerability Database

289,784

CVE-2020-8335