Description
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-44725
Scores
CVSS v3
6.7
EPSS
0.0005
EPSS Percentile
15.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-16
Status
published
Products (14)
lenovo/thinkcentre_m80s_firmware
< 2020-08-10
lenovo/thinkcentre_m80t_firmware
< 2020-08-10
lenovo/thinkcentre_m90s_firmware
< 2020-08-10
lenovo/thinkcentre_m90t_firmware
< 2020-08-10
lenovo/thinkcentre_m910z_firmware
< 2020-08-10
lenovo/thinkcentre_m920q_firmware
< 2020-08-10
lenovo/thinkcentre_m920s_firmware
< 2020-08-10
lenovo/thinkcentre_m920t_firmware
< 2020-08-10
lenovo/thinkcentre_m920z_firmware
< 2020-08-10
lenovo/thinkstation_p330_tiny_firmware
< 2020-08-10
... and 4 more
Published
Nov 11, 2020
Tracked Since
Feb 18, 2026