Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8353

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Published

2020-11-11T18:15:11.767

Last Modified

2024-11-21T05:38:45.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-16
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkcentre_m80t_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m80t	-	No
Operating System	lenovo	thinkcentre_m80s_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m80s	-	No
Operating System	lenovo	thinkcentre_m90t_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m90t	-	No
Operating System	lenovo	thinkcentre_m90s_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m90s	-	No
Operating System	lenovo	thinkcentre_m910z_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m910z	-	No
Operating System	lenovo	thinkcentre_m920s_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m920s	-	No
Operating System	lenovo	thinkcentre_m920t_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m920t	-	No
Operating System	lenovo	thinkcentre_m920q_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m920q	-	No
Operating System	lenovo	thinkcentre_m920z_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkcentre_m920z	-	No
Operating System	lenovo	thinkstation_p330t_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkstation_p330t	-	No
Operating System	lenovo	thinkstation_p330s_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkstation_p330s	-	No
Operating System	lenovo	thinkstation_p330_tiny_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkstation_p330_tiny	-	No
Operating System	lenovo	thinkstation_p340t_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkstation_p340t	-	No
Operating System	lenovo	thinkstation_p340s_firmware	< 2020-08-10	Yes
Hardware	lenovo	thinkstation_p340s	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-44725 Exploit, Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-44725 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)