Details of VAR-201711-0398

ID

VAR-201711-0398

CVE

CVE-2017-3767

TITLE

plural Lenovo ThinkPad Product Realtek Vulnerabilities related to authorization, authority, and access control in audio drivers

Trust: 0.8

sources: JVNDB: JVNDB-2017-010216

DESCRIPTION

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. plural Lenovo ThinkPad Product Realtek Audio drivers contain vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ThinkPad11e and other are notebook products of China Lenovo. Realtekaudiodriver is one of the audio drivers released by Realtek

Trust: 2.16

sources: NVD: CVE-2017-3767 // JVNDB: JVNDB-2017-010216 // CNVD: CNVD-2017-36547

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36547

AFFECTED PRODUCTS

vendor:	realtek	model:	audio driver	scope:	lt	version:	6.0.1.8224	Trust: 1.0
vendor:	realtek semiconductor corp	model:	audio driver	scope:	lt	version:	6.0.1.8224	Trust: 0.8
vendor:	lenovo	model:	thinkpad 11e/yoga 11e 20e5	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20e6	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20ed	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20e7	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20e8	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20ee	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad thinkpad s2 20gj	scope:	eq	version:	13/	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20gk	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20gu	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad helix 20cg	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20ch	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad l450 20ds	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad 20dt	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	thinkpad l460	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-36547 // JVNDB: JVNDB-2017-010216 // NVD: CVE-2017-3767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3767
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3767
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-36547
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-383
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-3767
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36547
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-3767
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-36547 // JVNDB: JVNDB-2017-010216 // CNNVD: CNNVD-201711-383 // NVD: CVE-2017-3767

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-010216 // NVD: CVE-2017-3767

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-383

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-383

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010216

PATCH

title:	LEN-15759	url:	https://support.lenovo.com/us/en/product_security/LEN-15759	Trust: 0.8
title:	Patches for various Lenovo ThinkPad product local privilege escalation vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/108341	Trust: 0.6
title:	Multiple Lenovo ThinkPad product Realtek Fixes for audio driver permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76251	Trust: 0.6

sources: CNVD: CNVD-2017-36547 // JVNDB: JVNDB-2017-010216 // CNNVD: CNNVD-201711-383

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3767	Trust: 3.0
db:	LENOVO	id:	LEN-15759	Trust: 1.6
db:	JVNDB	id:	JVNDB-2017-010216	Trust: 0.8
db:	CNVD	id:	CNVD-2017-36547	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-383	Trust: 0.6

sources: CNVD: CNVD-2017-36547 // JVNDB: JVNDB-2017-010216 // CNNVD: CNNVD-201711-383 // NVD: CVE-2017-3767

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-15759	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3767	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3767	Trust: 0.8

sources: CNVD: CNVD-2017-36547 // JVNDB: JVNDB-2017-010216 // CNNVD: CNNVD-201711-383 // NVD: CVE-2017-3767

SOURCES

db:	CNVD	id:	CNVD-2017-36547
db:	JVNDB	id:	JVNDB-2017-010216
db:	CNNVD	id:	CNNVD-201711-383
db:	NVD	id:	CVE-2017-3767

LAST UPDATE DATE

2024-11-23T23:02:19.609000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36547	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010216	date:	2017-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-383	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3767	date:	2024-11-21T03:26:05.980

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-36547	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010216	date:	2017-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201711-383	date:	2017-11-17T00:00:00
db:	NVD	id:	CVE-2017-3767	date:	2017-11-13T16:29:00.293