ID

VAR-201709-0672


CVE

CVE-2017-3770


TITLE

LXCA Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008378

DESCRIPTION

A privilege escalation vulnerability in LXCA versions earlier than 1.3.2, where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. LXCA contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo LXCA is a set of file system management tools of China Lenovo (Lenovo). There is a privilege escalation vulnerability in versions earlier than Lenovo LXCA 1.3.2.

Trust: 1.71

sources: NVD: CVE-2017-3770 // JVNDB: JVNDB-2017-008378 // VULHUB: VHN-111973

AFFECTED PRODUCTS

vendor: lenovo, model: xclarity administrator, scope: lte, version: 1.3.1

Trust: 1.0

vendor: lenovo, model: xclarity administrator, scope: lt, version: 1.3.2

Trust: 0.8

vendor: lenovo, model: xclarity administrator, scope: eq, version: 1.3.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-008378 // CNNVD: CNNVD-201709-1140 // NVD: CVE-2017-3770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3770
value: HIGH

Trust: 1.0

NVD: CVE-2017-3770
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-1140
value: HIGH

Trust: 0.6

VULHUB: VHN-111973
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3770
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111973
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3770
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111973 // JVNDB: JVNDB-2017-008378 // CNNVD: CNNVD-201709-1140 // NVD: CVE-2017-3770

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-77

Trust: 0.9

sources: VULHUB: VHN-111973 // JVNDB: JVNDB-2017-008378 // NVD: CVE-2017-3770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1140

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201709-1140

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008378

PATCH

title: LEN-16333, url: https://support.lenovo.com/jp/ja/product_security/len-16333

Trust: 0.8

title: Lenovo LXCA Fixes for permissions and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75101

Trust: 0.6

sources: JVNDB: JVNDB-2017-008378 // CNNVD: CNNVD-201709-1140

EXTERNAL IDS

db: NVD, id: CVE-2017-3770

Trust: 2.5

db: LENOVO, id: LEN-16333

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008378

Trust: 0.8

db: CNNVD, id: CNNVD-201709-1140

Trust: 0.7

db: VULHUB, id: VHN-111973

Trust: 0.1

sources: VULHUB: VHN-111973 // JVNDB: JVNDB-2017-008378 // CNNVD: CNNVD-201709-1140 // NVD: CVE-2017-3770

REFERENCES

url: https://support.lenovo.com/us/en/product_security/len-16333

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3770

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3770

Trust: 0.8

sources: VULHUB: VHN-111973 // JVNDB: JVNDB-2017-008378 // CNNVD: CNNVD-201709-1140 // NVD: CVE-2017-3770

SOURCES

db: VULHUB, id: VHN-111973
db: JVNDB, id: JVNDB-2017-008378
db: CNNVD, id: CNNVD-201709-1140
db: NVD, id: CVE-2017-3770

LAST UPDATE DATE

2024-11-23T22:30:39.940000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-111973, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-008378, date: 2017-10-17T00:00:00
db: CNNVD, id: CNNVD-201709-1140, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3770, date: 2024-11-21T03:26:06.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-111973, date: 2017-09-22T00:00:00
db: JVNDB, id: JVNDB-2017-008378, date: 2017-10-17T00:00:00
db: CNNVD, id: CNNVD-201709-1140, date: 2017-09-29T00:00:00
db: NVD, id: CVE-2017-3770, date: 2017-09-22T14:29:00.243