CVSS: 6.7EPSS: 0%CPEs: 28EXPL: 1CVE-2020-8353
https://notcve.org/view.php?id=CVE-2020-8353
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. Antes del 10 de agosto de 2020, algunos sistemas Lenovo Desktop y Workstation se enviaron con la funcionalidad Embedded Host Based Configuration (EHBC) de Intel AMT habilitada. Esto podría permitir a un usuario administrativo acceso local para configurar Intel AMT • https://support.lenovo.com/us/en/product_security/LEN-44725 • CWE-16: Configuration •
CVSS: 2.4EPSS: 0%CPEs: 32EXPL: 0CVE-2020-8352
https://notcve.org/view.php?id=CVE-2020-8352
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. En algunos modelos Lenovo Desktop, la configuración Configuration Change Detection BIOS no pudo detectar cambios de configuración SATA • https://support.lenovo.com/us/en/product_security/LEN-49266 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8354
https://notcve.org/view.php?id=CVE-2020-8354
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Una posible vulnerabilidad en la función SMI callback utilizada en el controlador VariableServiceSmm en algunos modelos Lenovo Notebook puede permitir una ejecución de código arbitraria • https://support.lenovo.com/us/en/product_security/LEN-49266 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8350
https://notcve.org/view.php?id=CVE-2020-8350
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. Se reportó una vulnerabilidad de omisión de autenticación en Lenovo ThinkPad Stack Wireless Router versión de firmware 1.1.3.4, que podría permitir una escalada de privilegios • https://support.lenovo.com/us/en/product_security/LEN-48228 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-8349
https://notcve.org/view.php?id=CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL. • https://support.lenovo.com/us/en/product_security/LEN-44423 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •