Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLenovoCVE-2020-8353
HistoryNov 11, 2020 - 6:15 p.m.

CVE-2020-8353

2020-11-1118:15:11
CWE-16
lenovo
web.nvd.nist.gov
29
lenovo
desktop
workstation
ehbc
intel amt
cve-2020-8353
nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Affected configurations

Nvd
Node
lenovothinkcentre_m80t_firmwareRange<2020-08-10
AND
lenovothinkcentre_m80tMatch-
Node
lenovothinkcentre_m80s_firmwareRange<2020-08-10
AND
lenovothinkcentre_m80sMatch-
Node
lenovothinkcentre_m90t_firmwareRange<2020-08-10
AND
lenovothinkcentre_m90tMatch-
Node
lenovothinkcentre_m90s_firmwareRange<2020-08-10
AND
lenovothinkcentre_m90sMatch-
Node
lenovothinkcentre_m910z_firmwareRange<2020-08-10
AND
lenovothinkcentre_m910zMatch-
Node
lenovothinkcentre_m920s_firmwareRange<2020-08-10
AND
lenovothinkcentre_m920sMatch-
Node
lenovothinkcentre_m920t_firmwareRange<2020-08-10
AND
lenovothinkcentre_m920tMatch-
Node
lenovothinkcentre_m920q_firmwareRange<2020-08-10
AND
lenovothinkcentre_m920qMatch-
Node
lenovothinkcentre_m920z_firmwareRange<2020-08-10
AND
lenovothinkcentre_m920zMatch-
Node
lenovothinkstation_p330t_firmwareRange<2020-08-10
AND
lenovothinkstation_p330tMatch-
Node
lenovothinkstation_p330s_firmwareRange<2020-08-10
AND
lenovothinkstation_p330sMatch-
Node
lenovothinkstation_p330_tiny_firmwareRange<2020-08-10
AND
lenovothinkstation_p330_tinyMatch-
Node
lenovothinkstation_p340t_firmwareRange<2020-08-10
AND
lenovothinkstation_p340tMatch-
Node
lenovothinkstation_p340s_firmwareRange<2020-08-10
AND
lenovothinkstation_p340sMatch-
VendorProductVersionCPE
lenovothinkcentre_m80t_firmware*cpe:2.3:o:lenovo:thinkcentre_m80t_firmware:*:*:*:*:*:*:*:*
lenovothinkcentre_m80t-cpe:2.3:h:lenovo:thinkcentre_m80t:-:*:*:*:*:*:*:*
lenovothinkcentre_m80s_firmware*cpe:2.3:o:lenovo:thinkcentre_m80s_firmware:*:*:*:*:*:*:*:*
lenovothinkcentre_m80s-cpe:2.3:h:lenovo:thinkcentre_m80s:-:*:*:*:*:*:*:*
lenovothinkcentre_m90t_firmware*cpe:2.3:o:lenovo:thinkcentre_m90t_firmware:*:*:*:*:*:*:*:*
lenovothinkcentre_m90t-cpe:2.3:h:lenovo:thinkcentre_m90t:-:*:*:*:*:*:*:*
lenovothinkcentre_m90s_firmware*cpe:2.3:o:lenovo:thinkcentre_m90s_firmware:*:*:*:*:*:*:*:*
lenovothinkcentre_m90s-cpe:2.3:h:lenovo:thinkcentre_m90s:-:*:*:*:*:*:*:*
lenovothinkcentre_m910z_firmware*cpe:2.3:o:lenovo:thinkcentre_m910z_firmware:*:*:*:*:*:*:*:*
lenovothinkcentre_m910z-cpe:2.3:h:lenovo:thinkcentre_m910z:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 281

CNA Affected

[
  {
    "product": "Desktop and Workstation systems",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "various",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
lenovo 1
prion
prion
Design/Logic Flaw
2020-11-11 18:15:00
nvd
nvd
CVE-2020-8353
2020-11-11 18:15:11
cvelist
cvelist
CVE-2020-8353
2020-11-11 17:35:18
lenovo
lenovo
Embedded Host Based Configuration (EHBC) feature of Intel AMT Enabled - Lenovo Support NL
2020-11-04 17:15:58

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2020-8353
prion1nvd1cvelist1lenovo1