CVE-2020-8335

Description

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

Remediation

Solution:

Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w ; A485: r0wuj65w ; T495: r12uj55w ; T495s/X395: r13uj47w

6.1

CVSS

Severity: Medium

CVSS 3.1 •

CVSS 2.0 •

EPSS 0.07%

Vendor Advisory lenovo.com

Affected: Lenovo ThinkPad A285 BIOS

Affected: Lenovo ThinkPad A485 BIOS

Affected: Lenovo ThinkPad T495 BIOS

Affected: Lenovo ThinkPad T495s/X395 BIOS

References

Link	Tags
https://support.lenovo.com/us/en/product_security/LEN-30042	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-8335?: CVE-2020-8335 has been scored as a medium severity vulnerability.
How to fix CVE-2020-8335?: To fix CVE-2020-8335: Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w ; A485: r0wuj65w ; T495: r12uj55w ; T495s/X395: r13uj47w
Is CVE-2020-8335 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-8335 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8335?: CVE-2020-8335 affects Lenovo ThinkPad A285 BIOS, Lenovo ThinkPad A485 BIOS, Lenovo ThinkPad T495 BIOS, Lenovo ThinkPad T495s/X395 BIOS.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.