Sign-up

ID

VAR-201707-0276


CVE

CVE-2017-3754


TITLE

Part of Lenovo Of brand notebook products BIOS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-006969

DESCRIPTION

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. Part of Lenovo Of brand notebook products BIOS Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 320-17AST, etc. are all computer products of China Lenovo (Lenovo). BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following versions are affected: Lenovo 320-17AST; 710s-13IKB/XiaoXin Air 13IKB; 710S-13ISK/XiaoXin Air 13; K21-80; K22-80/Lenovo V720-12; K41-80; ideapad 110-14AST; ideapad 110 -15AST; ideapad 320-14AST; ideapad 320-15AST; XiaoXin Rui7000; MIIX 710-12IKB; MIIX 720-12IKB; Rescuer E520-15IKB; V110-14IAP; 11 IKB

Trust: 1.71

sources: NVD: CVE-2017-3754 // JVNDB: JVNDB-2017-006969 // VULHUB: VHN-111957

AFFECTED PRODUCTS

vendor:lenovomodel:biosscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:biosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-006969 // CNNVD: CNNVD-201707-651 // NVD: CVE-2017-3754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3754
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3754
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-651
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111957
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3754
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111957
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3754
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111957 // JVNDB: JVNDB-2017-006969 // CNNVD: CNNVD-201707-651 // NVD: CVE-2017-3754

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-111957 // JVNDB: JVNDB-2017-006969 // NVD: CVE-2017-3754

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201707-651

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-651

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006969

PATCH
title:LEN-15084url:https://support.lenovo.com/jp/ja/product_security/len-15084
Trust: 0.8
title:Multiple Lenovo product BIOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75597
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-006969 // 
            
            
            
            CNNVD: CNNVD-201707-651

EXTERNAL IDS
db:NVDid:CVE-2017-3754
Trust: 2.5
db:LENOVOid:LEN-15084
Trust: 1.7
db:JVNDBid:JVNDB-2017-006969
Trust: 0.8
db:CNNVDid:CNNVD-201707-651
Trust: 0.7
db:VULHUBid:VHN-111957
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111957 // 
            
            
            
            JVNDB: JVNDB-2017-006969 // 
            
            
            
            CNNVD: CNNVD-201707-651 // 
            
            
            
            NVD: CVE-2017-3754

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-15084
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3754
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3754
Trust: 0.8
sources:
            
            
            VULHUB: VHN-111957 // 
            
            
            
            JVNDB: JVNDB-2017-006969 // 
            
            
            
            CNNVD: CNNVD-201707-651 // 
            
            
            
            NVD: CVE-2017-3754

SOURCES
db:VULHUBid:VHN-111957
db:JVNDBid:JVNDB-2017-006969
db:CNNVDid:CNNVD-201707-651
db:NVDid:CVE-2017-3754

LAST UPDATE DATE
2024-08-14T15:39:33.610000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111957date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-006969date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-651date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3754date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:VULHUBid:VHN-111957date:2017-07-17T00:00:00
db:JVNDBid:JVNDB-2017-006969date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-651date:2017-07-13T00:00:00
db:NVDid:CVE-2017-3754date:2017-07-17T19:29:00.323