**Lenovo Security Advisory:**LEN-44725
**Potential Impact:**Insecure configuration
**Severity:**High
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2020-8353
Summary Description:
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
The following products are affected if shipped before August 10, 2020:
Mitigation Strategy for Customers (what you should do to protect yourself):
Use the Intelยฎ AMT Configuration Utility 12.2.0.150 or later to verify the EHBC is enabled.
For this example, the command line interface of the configurator (ACUConfig.exe) is being used and is located in Configurator folder available in the Intelยฎ Setup and Configuration Software (Intelยฎ SCS) Kit in the screenshot below
At command prompt, browse to the directory where the ACUconfig.exe is located and type:
ACUConfig.exe /verbose /output console Status
To disable Intel EHBC:
ACUConfig.exe DisableEhbcState
References:
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2020-11-10 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an โas isโ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.