Vulnerability Details : CVE-2020-8353
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
Products affected by CVE-2020-8353
- cpe:2.3:o:lenovo:thinkcentre_m910z_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m920z_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m920q_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m920t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m920s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkstation_p330_tiny_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m80t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m80s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m90t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkcentre_m90s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkstation_p330t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkstation_p330s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkstation_p340t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkstation_p340s_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8353
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8353
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
Lenovo Group Ltd. |
CWE ids for CVE-2020-8353
-
Assigned by: psirt@lenovo.com (Secondary)
References for CVE-2020-8353
-
https://support.lenovo.com/us/en/product_security/LEN-44725
Embedded Host Based Configuration (EHBC) feature of Intel AMT Enabled - Lenovo Support USExploit;Vendor Advisory
Jump to