CVE-2020-8335

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
lenovoCNA
6.1 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
lenovothinkpad_a275_firmware
𝑥
< 2020-08-30
lenovothinkpad_a285_firmware
𝑥
< 2020-08-30
lenovothinkpad_a475_firmware
𝑥
< 2020-08-30
lenovothinkpad_a485_firmware
𝑥
< 2020-08-30
lenovothinkpad_t495_drift_firmware
𝑥
< 2020-08-30
lenovothinkpad_t495s_jazz_firmware
𝑥
< 2020-08-30
lenovothinkpad_x395_firmware
𝑥
< 2020-08-30
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/us/en/product_security/LEN-30042
https://support.lenovo.com/us/en/product_security/LEN-30042