Thinkcentre M80T Firmware
CVE-2020-8353
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
AnalysisAI
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-16. Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. Affected products include: Lenovo Thinkcentre M80T Firmware, Lenovo Thinkcentre M80S Firmware, Lenovo Thinkcentre M90T Firmware, Lenovo Thinkcentre M90S Firmware, Lenovo Thinkcentre M910Z Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Thinkcentre M80T Firmware
View allA vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when t
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated pr
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with el
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated pri
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated pri
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacke
A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker w
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker wi
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker wit
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker wi
Same weakness CWE-16 – Configuration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today