ID

VAR-201805-0171


CVE

CVE-2017-3775


TITLE

Authentication vulnerability in the BIOS of multiple Lenovo System products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004888

DESCRIPTION

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. The BIOS of multiple Lenovo System products contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Lenovo Flex System x240 M5 and the other affected models are all Lenovo server equipment. Multiple Lenovo System x servers are prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.

Trust: 2.43

sources: NVD: CVE-2017-3775 // JVNDB: JVNDB-2018-004888 // CNVD: CNVD-2018-09190 // BID: 104275

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09190

AFFECTED PRODUCTS

vendor: lenovo, model: flex system x280 x6 bios, scope: lt, version: 4.21

Trust: 1.0

vendor: lenovo, model: flex system x240 m5 bios, scope: lt, version: 2.61

Trust: 1.0

vendor: lenovo, model: system x3250 m6 bios, scope: lt, version: 2.23

Trust: 1.0

vendor: lenovo, model: nextscale nx360 m5 bios, scope: lt, version: 2.61

Trust: 1.0

vendor: lenovo, model: flex system x480 x6 bios, scope: lt, version: 4.21

Trust: 1.0

vendor: lenovo, model: system x3950 x6 bios, scope: lt, version: 4.3

Trust: 1.0

vendor: lenovo, model: system x3550 m5 bios, scope: lt, version: 2.61

Trust: 1.0

vendor: lenovo, model: system x3850 x6 bios, scope: lt, version: 4.3

Trust: 1.0

vendor: lenovo, model: system x3500 m5 bios, scope: lt, version: 2.61

Trust: 1.0

vendor: lenovo, model: flex system x880 bios, scope: lt, version: 4.21

Trust: 1.0

vendor: lenovo, model: system x3650 m5 bios, scope: lt, version: 2.61

Trust: 1.0

vendor: lenovo, model: flex system x240 m5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: flex system x280 x6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: flex system x480 x6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: flex system x880 x6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: nextscale nx360 m5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3250 m6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3500 m5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3550 m5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3650 m5, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3850 x6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: system x3950 x6, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: flex system m5 bios/uefi, scope: eq, version: x240<2.61

Trust: 0.6

vendor: lenovo, model: flex system bios/uefi, scope: eq, version: x280x6<4.21

Trust: 0.6

vendor: lenovo, model: flex system bios/uefi, scope: eq, version: x480x6<4.21

Trust: 0.6

vendor: lenovo, model: flex system bios/uefi, scope: eq, version: x880<4.21

Trust: 0.6

vendor: lenovo, model: nextscale nx360 m5 bios/uefi, scope: lt, version: 2.61

Trust: 0.6

vendor: lenovo, model: system m6 bios/uefi, scope: eq, version: x3250<2.23

Trust: 0.6

vendor: lenovo, model: system m5 bios/uefi, scope: eq, version: x3500<2.61

Trust: 0.6

vendor: lenovo, model: system m5 bios/uefi, scope: eq, version: x3550<2.6

Trust: 0.6

vendor: lenovo, model: system m5 bios/uefi, scope: eq, version: x3650<2.61

Trust: 0.6

vendor: lenovo, model: system bios/uefi, scope: eq, version: x3850x6<4.3

Trust: 0.6

vendor: lenovo, model: system bios/uefi, scope: eq, version: x3950x6<4.3

Trust: 0.6

vendor: lenovo, model: system, scope: eq, version: x3950x60

Trust: 0.3

vendor: lenovo, model: system, scope: eq, version: x3850x60

Trust: 0.3

vendor: lenovo, model: system m5, scope: eq, version: x36500

Trust: 0.3

vendor: lenovo, model: system m5, scope: eq, version: x35500

Trust: 0.3

vendor: lenovo, model: system m5, scope: eq, version: x35000

Trust: 0.3

vendor: lenovo, model: system m6, scope: eq, version: x32500

Trust: 0.3

vendor: lenovo, model: nextscale nx360 m5, scope: eq, version: 0

Trust: 0.3

vendor: lenovo, model: flex system, scope: eq, version: x8800

Trust: 0.3

vendor: lenovo, model: flex system, scope: eq, version: x480x60

Trust: 0.3

vendor: lenovo, model: flex system, scope: eq, version: x280x60

Trust: 0.3

vendor: lenovo, model: flex system m5, scope: eq, version: x2400

Trust: 0.3

vendor: lenovo, model: system, scope: ne, version: x3950x64.3

Trust: 0.3

vendor: lenovo, model: system, scope: ne, version: x3850x64.3

Trust: 0.3

vendor: lenovo, model: system m5, scope: ne, version: x36502.61

Trust: 0.3

vendor: lenovo, model: system m5, scope: ne, version: x35502.61

Trust: 0.3

vendor: lenovo, model: system m5, scope: ne, version: x35002.61

Trust: 0.3

vendor: lenovo, model: system m6, scope: ne, version: x32502.23

Trust: 0.3

vendor: lenovo, model: nextscale nx360 m5, scope: ne, version: 2.61

Trust: 0.3

vendor: lenovo, model: flex system, scope: ne, version: x8804.21

Trust: 0.3

vendor: lenovo, model: flex system, scope: ne, version: x480x64.21

Trust: 0.3

vendor: lenovo, model: flex system, scope: ne, version: x280x64.21

Trust: 0.3

vendor: lenovo, model: flex system m5, scope: ne, version: x2402.61

Trust: 0.3

sources: CNVD: CNVD-2018-09190 // BID: 104275 // JVNDB: JVNDB-2018-004888 // NVD: CVE-2017-3775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3775
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3775
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09190
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-184
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-3775
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09190
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-3775
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09190 // JVNDB: JVNDB-2018-004888 // CNNVD: CNNVD-201805-184 // NVD: CVE-2017-3775

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-004888 // NVD: CVE-2017-3775

THREAT TYPE

local

Trust: 0.9

sources: BID: 104275 // CNNVD: CNNVD-201805-184

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004888

PATCH

title: LEN-20241, url: https://support.lenovo.com/us/en/solutions/LEN-20241

Trust: 0.8

title: Patches for code execution vulnerabilities in several Lenovo products, url: https://www.cnvd.org.cn/patchInfo/show/128519

Trust: 0.6

title: Multiple Lenovo Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79882

Trust: 0.6

sources: CNVD: CNVD-2018-09190 // JVNDB: JVNDB-2018-004888 // CNNVD: CNNVD-201805-184

EXTERNAL IDS

db: NVD, id: CVE-2017-3775

Trust: 3.3

db: LENOVO, id: LEN-20241

Trust: 2.5

db: JVNDB, id: JVNDB-2018-004888

Trust: 0.8

db: CNVD, id: CNVD-2018-09190

Trust: 0.6

db: CNNVD, id: CNNVD-201805-184

Trust: 0.6

db: BID, id: 104275

Trust: 0.3

sources: CNVD: CNVD-2018-09190 // BID: 104275 // JVNDB: JVNDB-2018-004888 // CNNVD: CNNVD-201805-184 // NVD: CVE-2017-3775

REFERENCES

url:https://support.lenovo.com/us/en/solutions/len-20241

Trust: 2.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3775

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3775

Trust: 0.8

url:http://www.lenovo.com/ca/en/

Trust: 0.3

url:https://support.lenovo.com/in/en/solutions/len-20241

Trust: 0.3

sources: CNVD: CNVD-2018-09190 // BID: 104275 // JVNDB: JVNDB-2018-004888 // CNNVD: CNNVD-201805-184 // NVD: CVE-2017-3775

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104275

SOURCES

db: CNVD, id: CNVD-2018-09190
db: BID, id: 104275
db: JVNDB, id: JVNDB-2018-004888
db: CNNVD, id: CNNVD-201805-184
db: NVD, id: CVE-2017-3775

LAST UPDATE DATE

2024-11-23T22:22:05.812000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-09190, date: 2018-05-09T00:00:00
db: BID, id: 104275, date: 2018-05-03T00:00:00
db: JVNDB, id: JVNDB-2018-004888, date: 2018-06-29T00:00:00
db: CNNVD, id: CNNVD-201805-184, date: 2018-05-07T00:00:00
db: NVD, id: CVE-2017-3775, date: 2024-11-21T03:26:06.720

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-09190, date: 2018-05-09T00:00:00
db: BID, id: 104275, date: 2018-05-03T00:00:00
db: JVNDB, id: JVNDB-2018-004888, date: 2018-06-29T00:00:00
db: CNNVD, id: CNNVD-201805-184, date: 2018-05-07T00:00:00
db: NVD, id: CVE-2017-3775, date: 2018-05-04T17:29:00.223