CVE-2020-8334

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-30042	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*

cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-09 20:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-8334

Mitre link : CVE-2020-8334

CVE.ORG link : CVE-2020-8334

JSON object : View

Products Affected

lenovo

thinkpad_a475_firmware
thinkpad_x395_firmware
thinkpad_t495
thinkpad_t495s_firmware
thinkpad_a285
thinkpad_t495s
thinkpad_t495_firmware
thinkpad_a275
thinkpad_x395
thinkpad_a475
thinkpad_a285_firmware
thinkpad_a485
thinkpad_a275_firmware
thinkpad_a485_firmware

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2020-8334", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2020-06-09T20:15:22.600", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-30042", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access."}, {"lang": "es", "value": "El mecanismo de detecci\u00f3n de manipulaci\u00f3n del BIOS no se activ\u00f3 en Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275, lo que puede permitir un acceso no autorizado"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t495s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "549B577D-FAF3-4040-AB84-EC89619C438D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t495s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE13B602-1151-403A-B26F-5CCF6BA7034D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C9D5D2DC-32C0-4540-82AF-D97735383028"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x395_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476D392B-6CFA-41C0-BB10-FFF6291CE370"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59D1AB23-EF93-48F6-BB7C-BC809EB69163"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t495_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8325C978-9B75-40FE-AC15-7ED77FA03FC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37B871C5-73F4-43FF-BCF1-B9B1B52FAC31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a485_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9719CB03-23EA-4E58-80B9-F08A9EB7B447"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "259D895B-9968-41CF-8DB4-FAAB5A4C04AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a285_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56C6F654-B6BC-4F04-8482-2D45893B95E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE1D9347-9561-45A3-A434-3A0802BC8953"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a475_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE3B50D-634C-49E7-A8A9-2E00A535D3F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "577AACCC-001A-4C73-B036-CA942080304F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_a275_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "279A45F5-A139-449B-B054-A39217E2AC66"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}