CVE-2020-8353
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
Affected (14)
Products: Lenovo: Thinkcentre M80t Firmware, Thinkcentre M80s Firmware, Thinkcentre M90t Firmware, Thinkcentre M90s Firmware, Thinkcentre M910z Firmware, Thinkcentre M920s Firmware, Thinkcentre M920t Firmware, Thinkcentre M920q Firmware, Thinkcentre M920z Firmware, Thinkstation P330t Firmware, Thinkstation P330s Firmware, Thinkstation P330 Tiny Firmware, Thinkstation P340t Firmware, Thinkstation P340s Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M80t | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M80s | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90t | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M90s | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M910z | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920s | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920t | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920q | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkcentre M920z | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330t | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330s | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P330 Tiny | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P340t | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2020-08-10 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Thinkstation P340s | All versions |
Related CWEs
References (2)
Source: psirt@lenovo.com
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Timeline
No history available yet.