CVE-2020-8353 — MEDIUM (6.7)

Q: How severe is CVE-2020-8353?

CVE-2020-8353 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8353?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkcentre M80T Firmware, Lenovo Thinkcentre M80T, Lenovo Thinkcentre M80S Firmware, Lenovo Thinkcentre M80S, Lenovo Thinkcentre M90T Firmware.

Vulnerability Description

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkcentre M80T Firmware	< 2020-08-10
Lenovo	Thinkcentre M80T	-
Lenovo	Thinkcentre M80S Firmware	< 2020-08-10
Lenovo	Thinkcentre M80S	-
Lenovo	Thinkcentre M90T Firmware	< 2020-08-10
Lenovo	Thinkcentre M90T	-
Lenovo	Thinkcentre M90S Firmware	< 2020-08-10
Lenovo	Thinkcentre M90S	-
Lenovo	Thinkcentre M910Z Firmware	< 2020-08-10
Lenovo	Thinkcentre M910Z	-
Lenovo	Thinkcentre M920S Firmware	< 2020-08-10
Lenovo	Thinkcentre M920S	-
Lenovo	Thinkcentre M920T Firmware	< 2020-08-10
Lenovo	Thinkcentre M920T	-
Lenovo	Thinkcentre M920Q Firmware	< 2020-08-10
Lenovo	Thinkcentre M920Q	-
Lenovo	Thinkcentre M920Z Firmware	< 2020-08-10
Lenovo	Thinkcentre M920Z	-
Lenovo	Thinkstation P330T Firmware	< 2020-08-10
Lenovo	Thinkstation P330T	-

Related Weaknesses (CWE)

CWE-16

References

https://support.lenovo.com/us/en/product_security/LEN-44725ExploitVendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-44725ExploitVendor Advisory

FAQ

What is CVE-2020-8353?

CVE-2020-8353 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative us...

How severe is CVE-2020-8353?

CVE-2020-8353 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8353?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkcentre M80T Firmware, Lenovo Thinkcentre M80T, Lenovo Thinkcentre M80S Firmware, Lenovo Thinkcentre M80S, Lenovo Thinkcentre M90T Firmware.