Sign-up

ID

VAR-201708-0554


CVE

CVE-2017-3753


TITLE

AMI Developed by UEFI Some use code Lenovo Code injection vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007403

DESCRIPTION

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. American Megatrends, Inc. LenovoIdeaCentre300-20ISH and so on are all products of China Lenovo. The LenovoIdeaCentre300-20ISH is a desktop computer; the ThinkServerRD540 is a server device. BIOSSMIHandler is one of the management information structure handlers. A security vulnerability exists in BIOSSMIHandler in several Lenovo products due to a program failing to perform input validation. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Lenovo IdeaCentre 300-20ISH, etc. There is a security vulnerability in the BIOS SMI Handler in several Lenovo products. The following versions are affected: Lenovo IdeaCentre 300-20ISH; Lenovo M4550 ID; ThinkCentre E73s; ThinkCentre M4500k; ThinkServer RD540; ThinkServer TS140; Thinkstation P510; Thinkstation P910, etc

Trust: 2.52

sources: NVD: CVE-2017-3753 // JVNDB: JVNDB-2017-007403 // CNVD: CNVD-2017-28413 // BID: 100488 // VULHUB: VHN-111956

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28413

AFFECTED PRODUCTS

vendor:lenovomodel:thinkstation d30 \scope:eqversion:a3kt57a

Trust: 2.0

vendor:lenovomodel:thinkstation c30 \scope:eqversion:a1kt57a

Trust: 2.0

vendor:lenovomodel:thinkstation s30 \scope:eqversion:a2kt54a

Trust: 2.0

vendor:lenovomodel:thinkstation c30scope: - version: -

Trust: 1.6

vendor:lenovomodel:thinkstation d30scope: - version: -

Trust: 1.6

vendor:lenovomodel:thinkstation s30scope: - version: -

Trust: 1.6

vendor:lenovomodel:ideacentre 300s-11ishscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:ideacentre 700scope:eqversion: -

Trust: 1.6

vendor:lenovomodel:s500scope:eqversion:m0kkt24a

Trust: 1.6

vendor:lenovomodel:ideacentre 510s-08ishscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:63scope:eqversion:fckt78a

Trust: 1.6

vendor:lenovomodel:m4500scope:eqversion:fckt78a

Trust: 1.6

vendor:lenovomodel:m4550 idscope:eqversion:fckt78a

Trust: 1.6

vendor:lenovomodel:ideacentre 300-20ishscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:m4500 idscope:eqversion:fckt78a

Trust: 1.6

vendor:lenovomodel:h50-30gscope:eqversion:fckt78a

Trust: 1.6

vendor:lenovomodel:ideacentre 300-20ishscope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkcentre e73sscope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkcentre m4500kscope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkserver rd540scope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkserver ts140scope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkstation p510scope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkstation p910scope: - version: -

Trust: 1.4

vendor:lenovomodel:thinkserver ts550scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m710t\/sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre e93scope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m73z \scope:eqversion:fgkt46a

Trust: 1.0

vendor:lenovomodel:thinkserver rd640scope:eqversion:a1tsb5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m83scope:eqversion:fbktcga

Trust: 1.0

vendor:lenovomodel:thinkcentre m79scope:eqversion:m0lkt12a

Trust: 1.0

vendor:lenovomodel:thinkstation p910scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkserver td340scope:eqversion:a3tsb5a

Trust: 1.0

vendor:lenovomodel:thinkstation p710scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m93scope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m910xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m6600scope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:yangtian afh81scope:eqversion:fckt80a

Trust: 1.0

vendor:lenovomodel:thinkcentre e74scope:eqversion:m05kt54a

Trust: 1.0

vendor:lenovomodel:yangtian mc h110scope:eqversion:m05kt61a

Trust: 1.0

vendor:lenovomodel:yangtian afq150scope:eqversion:fwkt57a

Trust: 1.0

vendor:lenovomodel:thinkcentre m700zscope:eqversion:fvkt48a

Trust: 1.0

vendor:lenovomodel:thinkcentre m8250zscope:eqversion:fgkt46a

Trust: 1.0

vendor:lenovomodel:thinkcentre m610scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:yangtian mc h81scope:eqversion:fckt80a

Trust: 1.0

vendor:lenovomodel:thinkserver rd440scope:eqversion:a0tsb5a

Trust: 1.0

vendor:lenovomodel:thinkcentre e73scope:eqversion:fckt78a

Trust: 1.0

vendor:lenovomodel:thinkcentre m8350zscope:eqversion:fvkt42a

Trust: 1.0

vendor:lenovomodel:ideacentre 510s-23isuscope:eqversion:o2ekt24a

Trust: 1.0

vendor:lenovomodel:thinkserver rd340scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:yangtian mc carrizo-lscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500kscope:eqversion:fckt78a

Trust: 1.0

vendor:lenovomodel:thinkcentre m9500zscope:eqversion:fukt44a

Trust: 1.0

vendor:lenovomodel:thinkcentre m7300zscope:eqversion:fvkt42a

Trust: 1.0

vendor:lenovomodel:v320-15iapscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m92scope:eqversion:9skt95a

Trust: 1.0

vendor:lenovomodel:thinkcentre m72escope:eqversion:f1kt71a

Trust: 1.0

vendor:lenovomodel:thinkstation p500scope:eqversion:a4kt86a

Trust: 1.0

vendor:lenovomodel:thinkcentre m910qscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p310scope:eqversion:fwkt57a

Trust: 1.0

vendor:lenovomodel:thinkcentre e74sscope:eqversion:m05kt54a

Trust: 1.0

vendor:lenovomodel:yangtian s800scope:eqversion:ffkt43a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500qscope:eqversion:fhkt66a

Trust: 1.0

vendor:lenovomodel:thinkcentre m7200zscope:eqversion:fgkt46a

Trust: 1.0

vendor:lenovomodel:thinkcentre m6600qscope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:thinkstation e32scope:eqversion:fbktc6a

Trust: 1.0

vendor:lenovomodel:thinkcentre m73pscope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m600scope:eqversion:m00kt44a

Trust: 1.0

vendor:lenovomodel:thinkcentre m800zscope:eqversion:fvkt42a

Trust: 1.0

vendor:lenovomodel:thinkstation e31scope:eqversion:9skt97a

Trust: 1.0

vendor:lenovomodel:thinkserver ts250scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p510scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m700scope:eqversion:m05kt54a

Trust: 1.0

vendor:lenovomodel:thinkcentre m8200zscope:eqversion:fgkt46a

Trust: 1.0

vendor:lenovomodel:thinkcentre edge 62zscope:eqversion:f8kt40a

Trust: 1.0

vendor:lenovomodel:thinkserver rs140scope:eqversion:fbkt91c

Trust: 1.0

vendor:lenovomodel:thinkstation p320scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m8300zscope:eqversion:fvkt42a

Trust: 1.0

vendor:lenovomodel:thinkserver ts150scope:eqversion:fbktc3a

Trust: 1.0

vendor:lenovomodel:thinkstation p900scope:eqversion:a6kt86a

Trust: 1.0

vendor:lenovomodel:thinkcentre m715qscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre x1 aioscope:eqversion:m0hkt32a

Trust: 1.0

vendor:lenovomodel:yangtian afh110scope:eqversion:m05kt73a

Trust: 1.0

vendor:lenovomodel:thinkcentre e79scope:eqversion:m0lkt12a

Trust: 1.0

vendor:lenovomodel:thinkcentre m6500t\/sscope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m92pscope:eqversion:9skt95a

Trust: 1.0

vendor:lenovomodel:thinkcentre m8600t\/sscope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:thinkcentre e74zscope:eqversion:fvkt48a

Trust: 1.0

vendor:lenovomodel:thinkserver ts240scope:eqversion:fbktc3a

Trust: 1.0

vendor:lenovomodel:thinkserver rq750scope:eqversion:7.05

Trust: 1.0

vendor:lenovomodel:thinkcentre m8500t\/sscope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkcentre m7250zscope:eqversion:fgkt46a

Trust: 1.0

vendor:lenovomodel:thinkserver ts140scope:eqversion:fbktc3a

Trust: 1.0

vendor:lenovomodel:thinkstation p300scope:eqversion:fbktc6a

Trust: 1.0

vendor:lenovomodel:thinkcentre e73sscope:eqversion:fckt78a

Trust: 1.0

vendor:lenovomodel:yangtian me\/we h110scope:eqversion:m05kt61a

Trust: 1.0

vendor:lenovomodel:thinkcentre m800scope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:thinkserver rd540scope:eqversion:a1tsb5a

Trust: 1.0

vendor:lenovomodel:thinkcentre e73z \scope:eqversion:fgkt49a

Trust: 1.0

vendor:lenovomodel:thinkcentre m93pscope:eqversion:fbktc5a

Trust: 1.0

vendor:lenovomodel:thinkstation p410scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m9550zscope:eqversion:fukt44a

Trust: 1.0

vendor:lenovomodel:thinkcentre m900zscope:eqversion:fukt39a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4600t\/sscope:eqversion:m05kt54a

Trust: 1.0

vendor:lenovomodel:thinkcentre m910t\/sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:yangtian mf\/wf h81scope:eqversion:fckt80a

Trust: 1.0

vendor:lenovomodel:thinkserver ts450scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre e93z \scope:eqversion:ffkt43a

Trust: 1.0

vendor:lenovomodel:yangtian mc godavariscope:eqversion:m0lkt13a

Trust: 1.0

vendor:lenovomodel:thinkcentre e75 t\/sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkstation p700scope:eqversion:a5kt86a

Trust: 1.0

vendor:lenovomodel:s200zscope:eqversion:m09kt33a

Trust: 1.0

vendor:lenovomodel:thinkcentre m73scope:eqversion:fckt78a

Trust: 1.0

vendor:lenovomodel:yangtian s3040scope:eqversion:fgkt49a

Trust: 1.0

vendor:lenovomodel:thinkcentre m4500t\/sscope:eqversion:fckt78a

Trust: 1.0

vendor:lenovomodel:thinkcentre m810zscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkcentre m900scope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:thinkcentre m6600t\/sscope:eqversion:fwkt39a

Trust: 1.0

vendor:lenovomodel:thinkcentre m83z \scope:eqversion:fvkt42a

Trust: 1.0

vendor:lenovomodel:ideacentre 300s-11ishscope: - version: -

Trust: 0.8

vendor:lenovomodel:ideacentre 510s-08ishscope: - version: -

Trust: 0.8

vendor:lenovomodel:ideacentre 510s-23isuscope: - version: -

Trust: 0.8

vendor:lenovomodel:ideacentre 700scope: - version: -

Trust: 0.8

vendor:lenovomodel:63scope: - version: -

Trust: 0.8

vendor:lenovomodel:h50-30g desktopscope: - version: -

Trust: 0.8

vendor:lenovomodel:m4500 idscope: - version: -

Trust: 0.8

vendor:lenovomodel:m4500scope: - version: -

Trust: 0.8

vendor:lenovomodel:m4550 idscope: - version: -

Trust: 0.8

vendor:lenovomodel:s200zscope: - version: -

Trust: 0.8

vendor:lenovomodel:s500scope: - version: -

Trust: 0.8

vendor:lenovomodel:v320-15iapscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e73scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e73zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e74scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e74sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e74zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e75 t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e79scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e93scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre e93zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre edge 62zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m4500qscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m4500t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m4600t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m600scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m610scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m6500t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m6600scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m6600qscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m6600t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m700scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m700zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m710t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m715qscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m7200zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m7250zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m72escope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m73scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m7300zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m73pscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m73zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m79scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m800scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m800zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m810zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8200zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8250zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m83scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8300zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8350zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m83zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8500t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m8600t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m900scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m900zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m910 t/sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m910qscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m910xscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m92scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m92pscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m93scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m93pscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m9500zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre m9550zscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkcentre x1 aioscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver rd340scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver rd440scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver rd640scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver rq750scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver rs140scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver td340scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver ts150scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver ts240scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver ts250scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver ts450scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkserver ts550scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation e31scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation e32scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p300scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p310scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p320scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p410scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p500scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p700scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p710scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstation p900scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian afh110scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian afh81scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian afq150scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian mc carrizo-lscope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian mc godavariscope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian mc h110scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian mc h81scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian me/we h110scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian mf/wf h81scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian s3040scope: - version: -

Trust: 0.8

vendor:lenovomodel:yangtian s800scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkstationscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkserverscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:desktop all in onescope:eqversion:-0

Trust: 0.3

vendor:lenovomodel:desktopscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-28413 // BID: 100488 // JVNDB: JVNDB-2017-007403 // CNNVD: CNNVD-201708-381 // NVD: CVE-2017-3753

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3753
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3753
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-28413
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-381
value: HIGH

Trust: 0.6

VULHUB: VHN-111956
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3753
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28413
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111956
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3753
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28413 // VULHUB: VHN-111956 // JVNDB: JVNDB-2017-007403 // CNNVD: CNNVD-201708-381 // NVD: CVE-2017-3753

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-111956 // JVNDB: JVNDB-2017-007403 // NVD: CVE-2017-3753

THREAT TYPE

local

Trust: 0.9

sources: BID: 100488 // CNNVD: CNNVD-201708-381

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-381

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007403

PATCH
title:LEN-14695url:https://support.lenovo.com/us/ja/product_security/len-14695
Trust: 0.8
title:A variety of Lenovo product BIOSSMIHandler bypasses the system protection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/102850
Trust: 0.6
title:Multiple Lenovo product BIOS SMI Handler Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73847
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28413 // 
            
            
            
            JVNDB: JVNDB-2017-007403 // 
            
            
            
            CNNVD: CNNVD-201708-381

EXTERNAL IDS
db:NVDid:CVE-2017-3753
Trust: 3.4
db:LENOVOid:LEN-14695
Trust: 2.6
db:JVNDBid:JVNDB-2017-007403
Trust: 0.8
db:CNNVDid:CNNVD-201708-381
Trust: 0.7
db:CNVDid:CNVD-2017-28413
Trust: 0.6
db:BIDid:100488
Trust: 0.4
db:VULHUBid:VHN-111956
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-28413 // 
            
            
            
            VULHUB: VHN-111956 // 
            
            
            
            BID: 100488 // 
            
            
            
            JVNDB: JVNDB-2017-007403 // 
            
            
            
            CNNVD: CNNVD-201708-381 // 
            
            
            
            NVD: CVE-2017-3753

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-14695
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3753
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3753
Trust: 0.8
url:https://support.lenovo.com/us/zh/product_security/len-14695
Trust: 0.6
url:http://www.lenovo.com/ca/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-28413 // 
            
            
            
            VULHUB: VHN-111956 // 
            
            
            
            BID: 100488 // 
            
            
            
            JVNDB: JVNDB-2017-007403 // 
            
            
            
            CNNVD: CNNVD-201708-381 // 
            
            
            
            NVD: CVE-2017-3753

CREDITS
Alex Matrosov, Principal Research Scientist, Cylance.
Trust: 0.3
sources:
            
            
            BID: 100488

SOURCES
db:CNVDid:CNVD-2017-28413
db:VULHUBid:VHN-111956
db:BIDid:100488
db:JVNDBid:JVNDB-2017-007403
db:CNNVDid:CNNVD-201708-381
db:NVDid:CVE-2017-3753

LAST UPDATE DATE
2024-11-23T22:45:36.995000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28413date:2017-09-26T00:00:00
db:VULHUBid:VHN-111956date:2017-08-29T00:00:00
db:BIDid:100488date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-007403date:2017-09-20T00:00:00
db:CNNVDid:CNNVD-201708-381date:2017-08-25T00:00:00
db:NVDid:CVE-2017-3753date:2024-11-21T03:26:04.303

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28413date:2017-09-26T00:00:00
db:VULHUBid:VHN-111956date:2017-08-10T00:00:00
db:BIDid:100488date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-007403date:2017-09-20T00:00:00
db:CNNVDid:CNNVD-201708-381date:2017-08-25T00:00:00
db:NVDid:CVE-2017-3753date:2017-08-10T00:29:00.230