Skip to main content

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 11, 2020 - 18:15 nvd
MEDIUM 6.7

DescriptionNVD

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

AnalysisAI

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-16. Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. Affected products include: Lenovo Thinkcentre M80T Firmware, Lenovo Thinkcentre M80S Firmware, Lenovo Thinkcentre M90T Firmware, Lenovo Thinkcentre M90S Firmware, Lenovo Thinkcentre M910Z Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-3519 MEDIUM
6.8 Nov 12

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when t

CVE-2023-45079 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated pr

CVE-2023-45078 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with el

CVE-2023-45077 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45076 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45075 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated

CVE-2023-43581 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker

CVE-2023-43580 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacke

CVE-2023-43579 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker w

CVE-2023-43578 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker wi

CVE-2023-43577 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker wit

CVE-2023-43576 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker wi

Share

CVE-2020-8353 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy