CVE-2020-8335 MEDIUM

CVE-2020-8335

Vendor Lenovo
Product ThinkPad A285 BIOS
Published September 1, 2020
Last update September 16, 2024

CVSS base score

6.1/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

Key dates

02Disclosure timeline

September 1, 2020 CVE published
September 16, 2024 Record updated