Description
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-44725
Scores
CVSS v3
6.7
EPSS
0.0055
EPSS Percentile
42.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-16
Status
published
Products (14)
lenovo/thinkcentre_m80s_firmware
< 2020-08-10
lenovo/thinkcentre_m80t_firmware
< 2020-08-10
lenovo/thinkcentre_m90s_firmware
< 2020-08-10
lenovo/thinkcentre_m90t_firmware
< 2020-08-10
lenovo/thinkcentre_m910z_firmware
< 2020-08-10
lenovo/thinkcentre_m920q_firmware
< 2020-08-10
lenovo/thinkcentre_m920s_firmware
< 2020-08-10
lenovo/thinkcentre_m920t_firmware
< 2020-08-10
lenovo/thinkcentre_m920z_firmware
< 2020-08-10
lenovo/thinkstation_p330_tiny_firmware
< 2020-08-10
... and 4 more
Published
Nov 11, 2020
Tracked Since
Feb 18, 2026