What is CVE-2020-8334?

CVE-2020-8334 is a medium-severity vulnerability in Lenovo Bios, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 6.1/10. Published 2020-06-09.

How severe is CVE-2020-8334?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Lenovo Bios

CVE-2020-8334

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

EPSS: 0.003 (22.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Lenovo Bios — versions various
Lenovo Thinkpad_a275
Lenovo Thinkpad_a275_firmware
Lenovo Thinkpad_a285
Lenovo Thinkpad_a285_firmware
Lenovo Thinkpad_a475
Lenovo Thinkpad_a475_firmware
Lenovo Thinkpad_a485
Lenovo Thinkpad_a485_firmware
Lenovo Thinkpad_t495

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-8334?: CVE-2020-8334 is a medium-severity vulnerability in Lenovo Bios, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 6.1/10. Published 2020-06-09.
How severe is CVE-2020-8334?: Medium severity. CVSS v3 base score is 6.1 out of 10.