Vulnerabilities > CVE-2020-8353 - Unspecified vulnerability in Lenovo products

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

lenovo

NVD

Published: 2020-11-11

Updated: 2020-11-30

Summary

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Thinkcentre M80T Firmware - Lenovo Thinkcentre M80S Firmware - Lenovo Thinkcentre M90T Firmware - Lenovo Thinkcentre M90S Firmware - Lenovo Thinkcentre M910Z Firmware - Lenovo Thinkcentre M910Z Firmware 6.0.1.8642 Lenovo Thinkcentre M910Z Firmware 6.0.8881.1 Lenovo Thinkcentre M920S Firmware - Lenovo Thinkcentre M920T Firmware - Lenovo Thinkcentre M920Q Firmware - Lenovo Thinkcentre M920Z Firmware - Lenovo Thinkstation P330T Firmware - Lenovo Thinkstation P330S Firmware - Lenovo Thinkstation P330 Tiny Firmware - Lenovo Thinkstation P330 Tiny Firmware 6.0.8923.1 Lenovo Thinkstation P340T Firmware - Lenovo Thinkstation P340S Firmware -	17
Hardware	Lenovo Lenovo Thinkcentre M80T - Lenovo Thinkcentre M80S - Lenovo Thinkcentre M90T - Lenovo Thinkcentre M90S - Lenovo Thinkcentre M910Z - Lenovo Thinkcentre M920S - Lenovo Thinkcentre M920T - Lenovo Thinkcentre M920Q - Lenovo Thinkcentre M920Z - Lenovo Thinkstation P330T - Lenovo Thinkstation P330S - Lenovo Thinkstation P330 Tiny - Lenovo Thinkstation P340T - Lenovo Thinkstation P340S -	14

References

https://support.lenovo.com/us/en/product_security/LEN-44725