Lucene search

[email protected]CVE-2020-8353

HistoryNov 11, 2020 - 6:15 p.m.

CVE-2020-8353

2020-11-1118:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

lenovo

desktop

workstation

ehbc

intel amt

cve-2020-8353

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

CPENameOperatorVersion
lenovo:thinkcentre_m80t_firmwarelenovo thinkcentre m80t firmwarelt2020-08-10
lenovo:thinkcentre_m80s_firmwarelenovo thinkcentre m80s firmwarelt2020-08-10
lenovo:thinkcentre_m90t_firmwarelenovo thinkcentre m90t firmwarelt2020-08-10
lenovo:thinkcentre_m90s_firmwarelenovo thinkcentre m90s firmwarelt2020-08-10
lenovo:thinkcentre_m910z_firmwarelenovo thinkcentre m910z firmwarelt2020-08-10
lenovo:thinkcentre_m920s_firmwarelenovo thinkcentre m920s firmwarelt2020-08-10
lenovo:thinkcentre_m920t_firmwarelenovo thinkcentre m920t firmwarelt2020-08-10
lenovo:thinkcentre_m920q_firmwarelenovo thinkcentre m920q firmwarelt2020-08-10
lenovo:thinkcentre_m920z_firmwarelenovo thinkcentre m920z firmwarelt2020-08-10
lenovo:thinkstation_p330t_firmwarelenovo thinkstation p330t firmwarelt2020-08-10

CPE	Name	Operator	Version
lenovo:thinkcentre_m80t_firmware	lenovo thinkcentre m80t firmware	lt	2020-08-10
lenovo:thinkcentre_m80s_firmware	lenovo thinkcentre m80s firmware	lt	2020-08-10
lenovo:thinkcentre_m90t_firmware	lenovo thinkcentre m90t firmware	lt	2020-08-10
lenovo:thinkcentre_m90s_firmware	lenovo thinkcentre m90s firmware	lt	2020-08-10
lenovo:thinkcentre_m910z_firmware	lenovo thinkcentre m910z firmware	lt	2020-08-10
lenovo:thinkcentre_m920s_firmware	lenovo thinkcentre m920s firmware	lt	2020-08-10
lenovo:thinkcentre_m920t_firmware	lenovo thinkcentre m920t firmware	lt	2020-08-10
lenovo:thinkcentre_m920q_firmware	lenovo thinkcentre m920q firmware	lt	2020-08-10
lenovo:thinkcentre_m920z_firmware	lenovo thinkcentre m920z firmware	lt	2020-08-10
lenovo:thinkstation_p330t_firmware	lenovo thinkstation p330t firmware	lt	2020-08-10

Rows per page:

1-10 of 141

References

support.lenovo.com/us/en/product_security/LEN-44725

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2020-8353

lenovo1 prion1