CVE-2020-8353

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

Published: Nov 11, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8353
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lenovo / thinkcentre_m80t_firmware	-	2020-08-10
lenovo / thinkcentre_m80s_firmware	-	2020-08-10
lenovo / thinkcentre_m90t_firmware	-	2020-08-10
lenovo / thinkcentre_m90s_firmware	-	2020-08-10
lenovo / thinkcentre_m910z_firmware	-	2020-08-10
lenovo / thinkcentre_m920s_firmware	-	2020-08-10
lenovo / thinkcentre_m920t_firmware	-	2020-08-10
lenovo / thinkcentre_m920q_firmware	-	2020-08-10
lenovo / thinkcentre_m920z_firmware	-	2020-08-10
lenovo / thinkstation_p330t_firmware	-	2020-08-10
lenovo / thinkstation_p330s_firmware	-	2020-08-10
lenovo / thinkstation_p330_tiny_firmware	-	2020-08-10
lenovo / thinkstation_p340t_firmware	-	2020-08-10
lenovo / thinkstation_p340s_firmware	-	2020-08-10

https://support.lenovo.com/us/en/product_security/LEN-44725

Vulnerability Database

289,697

CVE-2020-8353