Sign-up

ID

VAR-201709-0671


CVE

CVE-2017-3763


TITLE

LXCA Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-008377

DESCRIPTION

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. LXCA Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). A security vulnerability exists in versions prior to Lenovo LXCA 1.3.2

Trust: 1.71

sources: NVD: CVE-2017-3763 // JVNDB: JVNDB-2017-008377 // VULHUB: VHN-111966

AFFECTED PRODUCTS

vendor:lenovomodel:xclarity administratorscope:lteversion:1.3.1

Trust: 1.0

vendor:lenovomodel:xclarity administratorscope:ltversion:1.3.2

Trust: 0.8

vendor:lenovomodel:xclarity administratorscope:eqversion:1.3.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-008377 // CNNVD: CNNVD-201709-1141 // NVD: CVE-2017-3763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3763
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3763
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-1141
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111966
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-3763
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111966
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3763
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111966 // JVNDB: JVNDB-2017-008377 // CNNVD: CNNVD-201709-1141 // NVD: CVE-2017-3763

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-111966 // JVNDB: JVNDB-2017-008377 // NVD: CVE-2017-3763

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-1141

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-1141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008377

PATCH
title:LEN-16333url:https://support.lenovo.com/jp/ja/product_security/len-16333
Trust: 0.8
title:Lenovo LXCA Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75102
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-008377 // 
            
            
            
            CNNVD: CNNVD-201709-1141

EXTERNAL IDS
db:NVDid:CVE-2017-3763
Trust: 2.5
db:LENOVOid:LEN-16333
Trust: 1.7
db:JVNDBid:JVNDB-2017-008377
Trust: 0.8
db:CNNVDid:CNNVD-201709-1141
Trust: 0.7
db:VULHUBid:VHN-111966
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111966 // 
            
            
            
            JVNDB: JVNDB-2017-008377 // 
            
            
            
            CNNVD: CNNVD-201709-1141 // 
            
            
            
            NVD: CVE-2017-3763

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-16333
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3763
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3763
Trust: 0.8
sources:
            
            
            VULHUB: VHN-111966 // 
            
            
            
            JVNDB: JVNDB-2017-008377 // 
            
            
            
            CNNVD: CNNVD-201709-1141 // 
            
            
            
            NVD: CVE-2017-3763

SOURCES
db:VULHUBid:VHN-111966
db:JVNDBid:JVNDB-2017-008377
db:CNNVDid:CNNVD-201709-1141
db:NVDid:CVE-2017-3763

LAST UPDATE DATE
2024-11-23T22:30:39.964000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111966date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-008377date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201709-1141date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3763date:2024-11-21T03:26:05.630

SOURCES RELEASE DATE
db:VULHUBid:VHN-111966date:2017-09-22T00:00:00
db:JVNDBid:JVNDB-2017-008377date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201709-1141date:2017-09-29T00:00:00
db:NVDid:CVE-2017-3763date:2017-09-22T14:29:00.197