CVE-2020-8353

CWE-163 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 84.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Desktop AND Workstation Systems Lenovo Thinkcentre M80s Firmware Lenovo Thinkcentre M80t Firmware +12 more

Timeline

PublishedNov 11

Latest updateMay 24

Description

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages15 packages

▶CVEListV5lenovo/desktop_and_workstation_systemsunspecified — various

▶NVDlenovo/thinkcentre_m80s_firmware< 2020-08-10

▶NVDlenovo/thinkcentre_m80t_firmware< 2020-08-10

▶NVDlenovo/thinkcentre_m90s_firmware< 2020-08-10

▶NVDlenovo/thinkcentre_m90t_firmware< 2020-08-10

🔴Vulnerability Details

GHSA

GHSA-2h67-7cm6-5mr3: Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel↗2022-05-24

▶

CVEList

CVE-2020-8353: Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel↗2020-11-11

▶