CVE-2020-8353

Published Nov 11, 2020
Last updated 4 years ago
CVSS medium 6.7
Overview

Description: Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
Source: psirt@lenovo.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
psirt@lenovo.com: CWE-16
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m80t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C008DF2-92B2-486D-8A04-AA41DBFED5DC",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m80t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DEDED31-3B1C-4289-8056-82606B246978"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m80s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC09ADB4-9D16-4E98-A92B-AC00B05496B8",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m80s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9292E0CE-B3CC-44F6-8673-3FADFA37C3F6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m90t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "473BD076-C7CC-4E4B-80B6-7B2347CB2B25",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m90t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B52C1612-1479-4A98-8EF7-DB7BF44D7396"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m90s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "773349AE-6F8C-46F8-A1C8-85869B30DDED",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m90s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "466521C7-6E6B-473D-B188-D5FCD83375DA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m910z_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6042E2BC-555C-4540-B20F-09DFF782033C",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m910z:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1231901B-75B3-412A-88A4-D9971D8EE735"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m920s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A93D10-88D9-49B8-9667-F038CCEFBB78",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m920s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "86CEA502-29BC-4F04-AF51-53B8CE39D1DB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m920t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FBCC6FC-5E16-42D4-8DE9-FD1EB64A0014",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m920t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA136174-6A29-4DD8-BF2F-BEC629ED216B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m920q_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DB47EBD-A986-4114-86EE-6C6DCC9667ED",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m920q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "18964E52-51F6-4C64-A471-A09FB2E7A4C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkcentre_m920z_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9624FBAC-31E4-4AF4-94C3-7C133D00C918",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkcentre_m920z:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E07299B-26F5-438D-A522-20FAFC970E47"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkstation_p330t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D0325A8-FC5F-4D3D-9170-35BACEE0D737",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkstation_p330t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9DA61D22-E51B-432D-89CD-AD4DEBB8401C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkstation_p330s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A357404B-65CE-44FC-B99B-BC98A2786B47",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkstation_p330s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "37E1FFC9-815C-4036-97B4-F0AEF3207C5D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkstation_p330_tiny_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9E5BADF-337B-4527-87F8-A6B23C393443",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkstation_p330_tiny:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FCC5B38-D665-43E6-A4FB-0A9D464E1406"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkstation_p340t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1486FDAF-AAC7-4687-8CD0-AB45600B5321",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkstation_p340t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4DEA32C1-3B45-46F3-A7BD-EEC1890F9359"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkstation_p340s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3287364-23DE-4455-B703-8749DBD4551A",
            "versionEndExcluding": "2020-08-10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkstation_p340s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "40C61C8F-B6A6-41AF-9985-816A8F7A8594"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
