Vulnerabilites related to lenovo - thinkpad_t495_drift_firmware
Vulnerability from fkie_nvd
Published
2020-09-01 22:15
Modified
2024-11-21 05:38
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_a275_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FAF7EBD-E0B3-414B-BDF7-5CF70AD53F2C",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577AACCC-001A-4C73-B036-CA942080304F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_a285_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B80F55-F4AD-45BF-8FD4-C546138A179F",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*",
"matchCriteriaId": "259D895B-9968-41CF-8DB4-FAAB5A4C04AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_a475_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0CC938-42B6-420F-8660-3BA69FA50F9C",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1D9347-9561-45A3-A434-3A0802BC8953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_a485_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD997105-2FB0-41C7-AC12-98C972485EEE",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37B871C5-73F4-43FF-BCF1-B9B1B52FAC31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t495_drift_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33CEA6E9-09DD-45AB-B77D-1DB74BE1721D",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t495_drift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E27B26-3BF6-4FCE-BF1B-8F0B857BF454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t495s_jazz_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0906BF92-4099-4A8E-9D8E-00296E55E8EA",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t495s_jazz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC42264F-7F33-48BC-BD51-B7003EC67AC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_\\(20bx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C24CC5B-2CCE-4D50-8911-53F944F57435",
"versionEndExcluding": "n14et54w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_\\(20bx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "452FEEFB-F073-45F0-AAB1-6CD6C67B7488",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x395_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8F1835-628C-4AF0-A32B-00E9AB7EFA2F",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D5D2DC-32C0-4540-82AF-D97735383028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access."
},
{
"lang": "es",
"value": "El mecanismo de detecci\u00f3n de alteraciones del BIOS no fue activado en Lenovo ThinkPad A285, versiones de BIOS hasta r0xuj70w;\u0026#xa0;A485, versiones de BIOS hasta r0wuj65w;\u0026#xa0;T495 versiones de BIOS hasta r12uj55w;\u0026#xa0;T495s/X395 versiones de BIOS hasta r13uj47w, mientras es presionado el bot\u00f3n de reinicio de emergencia que puede permitir un acceso no autorizado"
}
],
"id": "CVE-2020-8335",
"lastModified": "2024-11-21T05:38:43.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-01T22:15:10.313",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-01 22:15
Modified
2024-11-21 05:38
Severity ?
Summary
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t490_\\(20nx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0ED900A-DA9D-4AB6-9BE4-3037D45978C2",
"versionEndExcluding": "n2iet90w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t490_\\(20nx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCE9161-C5D8-4BC2-B075-C828EE330953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t490_\\(20qx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D381BE27-C4D8-41E8-BFB4-4F215CF95D50",
"versionEndExcluding": "n2iet90w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t490_\\(20qx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC65D06-DEF3-43B1-87D0-4E77E87788AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t490_\\(20rx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F54EAADF-C531-458A-93EB-3BEFFCB46D29",
"versionEndExcluding": "n2ret16w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t490_\\(20rx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE25D8AC-240A-4282-9740-9936B6993056",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t490s_\\(20nx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47E30A9-5816-4403-82FE-093FDE585945",
"versionEndExcluding": "n2jet89w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t490s_\\(20nx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD17ABF1-EC17-42FE-9423-CC4667BE8F46",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t495_drift_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33CEA6E9-09DD-45AB-B77D-1DB74BE1721D",
"versionEndExcluding": "2020-08-30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t495_drift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E27B26-3BF6-4FCE-BF1B-8F0B857BF454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_t590_\\(20nx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D8E1B5-4883-4D69-B49C-C5B87846C214",
"versionEndExcluding": "n2iet90w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t590_\\(20nx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "807167DF-CB8C-4236-86A5-B82899157830",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_\\(20qx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1736FD68-7594-4641-B5F2-8CA561CF82CC",
"versionEndExcluding": "n2het54w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_\\(20qx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "449F3F75-026A-46FA-BEAC-C07709428D3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_\\(20qx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A18FEBB-D550-43EF-8C49-A67C08230FCC",
"versionEndExcluding": "n2het54w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_yoga_\\(20qx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F1D644-18DE-4C44-855A-76FC4762877E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x390_\\(20qx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDED187-4666-4F97-A367-AD3328D26BB1",
"versionEndExcluding": "n2jet89w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x390_\\(20qx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC972297-7E55-49E8-A305-22947FB65768",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkpad_x390_\\(20sx\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "898080AE-8CD9-40D6-AA2A-3DC2FED5DCB3",
"versionEndExcluding": "n2set18w",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x390_\\(20sx\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C27CFA-A88C-40ED-9A6F-8E6CC9DDC6BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
},
{
"lang": "es",
"value": "En los sistemas Lenovo, SMM BIOS Write Protection es usada para impedir escrituras en la SPI Flash.\u0026#xa0;Si bien esto proporciona suficiente protecci\u00f3n, una capa adicional de protecci\u00f3n es proporcionada por SPI Protected Range Registers (PRx).\u0026#xa0;Despu\u00e9s de reanudar desde el modo de suspensi\u00f3n S3 en varias versiones de BIOS para algunos sistemas Lenovo ThinkPad, el PRx no est\u00e1 configurado.\u0026#xa0;Esto no afecta a SMM BIOS Write Protection, que mantiene los sistemas protegidos"
}
],
"id": "CVE-2020-8341",
"lastModified": "2024-11-21T05:38:44.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-01T22:15:10.377",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-8335
Vulnerability from cvelistv5
Published
2020-09-01 21:30
Modified
2024-09-16 18:04
Severity ?
EPSS score ?
Summary
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Lenovo | ThinkPad A285 BIOS |
Version: unspecified < r0xuj70w |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad A285 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "r0xuj70w",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ThinkPad A485 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "r0wuj65w",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ThinkPad T495 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "r12uj55w",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ThinkPad T495s/X395 BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "r13uj47w",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Zoltan Harmath for reporting this issue."
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T21:30:16",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"solutions": [
{
"lang": "en",
"value": "Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w ; A485: r0wuj65w ; T495: r12uj55w ; T495s/X395: r13uj47w"
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-01T21:00:00.000Z",
"ID": "CVE-2020-8335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad A285 BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "r0xuj70w"
}
]
}
},
{
"product_name": "ThinkPad A485 BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "r0wuj65w"
}
]
}
},
{
"product_name": "ThinkPad T495 BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "r12uj55w"
}
]
}
},
{
"product_name": "ThinkPad T495s/X395 BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "r13uj47w"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Zoltan Harmath for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-30042",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update BIOS to the following BIOS versions (or later): Lenovo ThinkPad A285: r0xuj70w ; A485: r0wuj65w ; T495: r12uj55w ; T495s/X395: r13uj47w"
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8335",
"datePublished": "2020-09-01T21:30:16.224941Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T18:04:17.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8341
Vulnerability from cvelistv5
Published
2020-09-01 21:30
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "None",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T21:30:16",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"solutions": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-01T21:00:00.000Z",
"ID": "CVE-2020-8341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-30042",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
]
},
"solution": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8341",
"datePublished": "2020-09-01T21:30:16.648832Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T23:16:41.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}