ID

VAR-201801-0502


CVE

CVE-2017-3762


TITLE

Lenovo Fingerprint Manager Pro vulnerability related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-001588

DESCRIPTION

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.

Lenovo Fingerprint Manager Pro contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS).

The Lenovo ThinkPad L560 and the other affected models are computer products of Lenovo (China). Fingerprint Manager Pro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system.

Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. A local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. Versions prior to Fingerprint Manager Pro 8.01.87 are vulnerable.

The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A), X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300, P500, P700, P900.

Trust: 2.52

sources: NVD: CVE-2017-3762 // JVNDB: JVNDB-2018-001588 // CNVD: CNVD-2018-04363 // BID: 102837 // VULHUB: VHN-111965

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04363

AFFECTED PRODUCTS

vendor: lenovo, model: fingerprint manager pro, scope: lte, version: 8.01.86

Trust: 1.8

vendor: lenovo, model: fingerprint manager pro, scope: lte, version: <=8.01.86

Trust: 0.6

vendor: lenovo, model: thinkpad carbon, scope: eq, version: x10

Trust: 0.6

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.01.86

Trust: 0.6

vendor: lenovo, model: thinkstation p900, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkstation p700, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkstation p500, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkstation p300, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkstation e32, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad yoga, scope: eq, version: 4600

Trust: 0.3

vendor: lenovo, model: thinkpad yoga, scope: eq, version: 140

Trust: 0.3

vendor: lenovo, model: thinkpad, scope: eq, version: x2600

Trust: 0.3

vendor: lenovo, model: thinkpad, scope: eq, version: x2500

Trust: 0.3

vendor: lenovo, model: thinkpad x240s, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad, scope: eq, version: x2400

Trust: 0.3

vendor: lenovo, model: thinkpad w550s, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad w541, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad w540, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t560, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t550, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t540p, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t460, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t450s, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t450, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t440s, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t440p, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad t440, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad p50s, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad p40 yoga, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkpad l560, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m93p, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m9350z, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m93, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m83, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m79, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m78, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m73z, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: thinkcentre m73, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.57

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.42

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.41

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.35

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.26

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.18

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.11

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.7

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1.5

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.1

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: eq, version: 8.0.47

Trust: 0.3

vendor: lenovo, model: fingerprint manager pro, scope: ne, version: 8.1.87

Trust: 0.3

sources: CNVD: CNVD-2018-04363 // BID: 102837 // JVNDB: JVNDB-2018-001588 // CNNVD: CNNVD-201801-1044 // NVD: CVE-2017-3762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3762
value: HIGH

Trust: 1.0

NVD: CVE-2017-3762
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-04363
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-1044
value: HIGH

Trust: 0.6

VULHUB: VHN-111965
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3762
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04363
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111965
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3762
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04363 // VULHUB: VHN-111965 // JVNDB: JVNDB-2018-001588 // CNNVD: CNNVD-201801-1044 // NVD: CVE-2017-3762

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-111965 // JVNDB: JVNDB-2018-001588 // NVD: CVE-2017-3762

THREAT TYPE

local

Trust: 0.9

sources: BID: 102837 // CNNVD: CNNVD-201801-1044

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201801-1044

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001588

PATCH

title: LEN-15999, url: https://support.lenovo.com/jp/ja/product_security/len-15999

Trust: 0.8

title: Patches for hardcoded passwords for several Lenovo products FingerprintManagerPro, url: https://www.cnvd.org.cn/patchInfo/show/120257

Trust: 0.6

title: Multiple Lenovo product Fingerprint Manager Pro Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78140

Trust: 0.6

sources: CNVD: CNVD-2018-04363 // JVNDB: JVNDB-2018-001588 // CNNVD: CNNVD-201801-1044

EXTERNAL IDS

db: NVD, id: CVE-2017-3762

Trust: 3.4

db: BID, id: 102837

Trust: 2.6

db: LENOVO, id: LEN-15999

Trust: 2.6

db: OPENWALL, id: OSS-SECURITY/2019/05/08/3

Trust: 1.7

db: OPENWALL, id: OSS-SECURITY/2019/05/08/5

Trust: 1.7

db: OPENWALL, id: OSS-SECURITY/2019/05/08/4

Trust: 1.7

db: JVNDB, id: JVNDB-2018-001588

Trust: 0.8

db: CNNVD, id: CNNVD-201801-1044

Trust: 0.7

db: CNVD, id: CNVD-2018-04363

Trust: 0.6

db: VULHUB, id: VHN-111965

Trust: 0.1

sources: CNVD: CNVD-2018-04363 // VULHUB: VHN-111965 // BID: 102837 // JVNDB: JVNDB-2018-001588 // CNNVD: CNNVD-201801-1044 // NVD: CVE-2017-3762

REFERENCES

url: http://www.securityfocus.com/bid/102837

Trust: 2.3

url: https://support.lenovo.com/product_security/len-15999

Trust: 1.7

url: http://www.openwall.com/lists/oss-security/2019/05/08/3

Trust: 1.7

url: http://www.openwall.com/lists/oss-security/2019/05/08/4

Trust: 1.7

url: http://www.openwall.com/lists/oss-security/2019/05/08/5

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3762

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3762

Trust: 0.8

url: https://support.lenovo.com/us/zh/product_security/len-15999

Trust: 0.6

url: http://www.lenovo.com/ca/en/

Trust: 0.3

url: https://support.lenovo.com/us/en/product_security/len-15999

Trust: 0.3

sources: CNVD: CNVD-2018-04363 // VULHUB: VHN-111965 // BID: 102837 // JVNDB: JVNDB-2018-001588 // CNNVD: CNNVD-201801-1044 // NVD: CVE-2017-3762

CREDITS

Jackson Thuraisamy from Security Compass

Trust: 0.3

sources: BID: 102837

SOURCES

db: CNVD, id: CNVD-2018-04363
db: VULHUB, id: VHN-111965
db: BID, id: 102837
db: JVNDB, id: JVNDB-2018-001588
db: CNNVD, id: CNNVD-201801-1044
db: NVD, id: CVE-2017-3762

LAST UPDATE DATE

2024-11-23T23:02:14.154000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-04363, date: 2018-03-06T00:00:00
db: VULHUB, id: VHN-111965, date: 2019-05-08T00:00:00
db: BID, id: 102837, date: 2018-01-25T00:00:00
db: JVNDB, id: JVNDB-2018-001588, date: 2018-02-26T00:00:00
db: CNNVD, id: CNNVD-201801-1044, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2017-3762, date: 2024-11-21T03:26:05.500

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-04363, date: 2018-03-06T00:00:00
db: VULHUB, id: VHN-111965, date: 2018-01-26T00:00:00
db: BID, id: 102837, date: 2018-01-25T00:00:00
db: JVNDB, id: JVNDB-2018-001588, date: 2018-02-26T00:00:00
db: CNNVD, id: CNNVD-201801-1044, date: 2018-01-29T00:00:00
db: NVD, id: CVE-2017-3762, date: 2018-01-26T01:29:00.203