Lucene search

[email protected]CVE-2017-3740

HistoryJun 04, 2017 - 9:29 p.m.

CVE-2017-3740

2017-06-0421:29:00

[email protected]

web.nvd.nist.gov

cve

2017

3740

lenovo

active protection system

denial of service

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system’s embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Affected configurations

NVD

Node

lenovoactive_protection_systemMatch1.00b

lenovoactive_protection_systemMatch1.01b

lenovoactive_protection_systemMatch1.20b

lenovoactive_protection_systemMatch1.21

lenovoactive_protection_systemMatch1.22

lenovoactive_protection_systemMatch1.23

lenovoactive_protection_systemMatch1.30b

lenovoactive_protection_systemMatch1.31

lenovoactive_protection_systemMatch1.32

lenovoactive_protection_systemMatch1.33b

lenovoactive_protection_systemMatch1.34

lenovoactive_protection_systemMatch1.40

lenovoactive_protection_systemMatch1.41

lenovoactive_protection_systemMatch1.50

lenovoactive_protection_systemMatch1.51

lenovoactive_protection_systemMatch1.52

lenovoactive_protection_systemMatch1.53

lenovoactive_protection_systemMatch1.54

lenovoactive_protection_systemMatch1.61

lenovoactive_protection_systemMatch1.62

lenovoactive_protection_systemMatch1.63

lenovoactive_protection_systemMatch1.64

lenovoactive_protection_systemMatch1.70

lenovoactive_protection_systemMatch1.71

lenovoactive_protection_systemMatch1.72

lenovoactive_protection_systemMatch1.73

lenovoactive_protection_systemMatch1.74

lenovoactive_protection_systemMatch1.75

lenovoactive_protection_systemMatch1.76

lenovoactive_protection_systemMatch1.77.0.5

lenovoactive_protection_systemMatch1.77.0.7

lenovoactive_protection_systemMatch1.77.0.8

lenovoactive_protection_systemMatch1.77.0.9

lenovoactive_protection_systemMatch1.77.0.11

lenovoactive_protection_systemMatch1.77.0.20

lenovoactive_protection_systemMatch1.77.0.26

lenovoactive_protection_systemMatch1.78.0.09

lenovoactive_protection_systemMatch1.78.0.10

lenovoactive_protection_systemMatch1.78.0.11

lenovoactive_protection_systemMatch1.79.0.03

lenovoactive_protection_systemMatch1.80.1.00

lenovoactive_protection_systemMatch1.80.3.00

lenovoactive_protection_systemMatch1.80.8.00

lenovoactive_protection_systemMatch1.80.11.00

lenovoactive_protection_systemMatch1.81.0.08

lenovoactive_protection_systemMatch1.82.0.03

lenovoactive_protection_systemMatch1.82.0.06

lenovoactive_protection_systemMatch1.82.0.07

lenovoactive_protection_systemMatch1.82.0.10

CPENameOperatorVersion
lenovo:active_protection_systemlenovo active protection systemeq1.00b
lenovo:active_protection_systemlenovo active protection systemeq1.01b
lenovo:active_protection_systemlenovo active protection systemeq1.20b
lenovo:active_protection_systemlenovo active protection systemeq1.21
lenovo:active_protection_systemlenovo active protection systemeq1.22
lenovo:active_protection_systemlenovo active protection systemeq1.23
lenovo:active_protection_systemlenovo active protection systemeq1.30b
lenovo:active_protection_systemlenovo active protection systemeq1.31
lenovo:active_protection_systemlenovo active protection systemeq1.32
lenovo:active_protection_systemlenovo active protection systemeq1.33b

CPE	Name	Operator	Version
lenovo:active_protection_system	lenovo active protection system	eq	1.00b
lenovo:active_protection_system	lenovo active protection system	eq	1.01b
lenovo:active_protection_system	lenovo active protection system	eq	1.20b
lenovo:active_protection_system	lenovo active protection system	eq	1.21
lenovo:active_protection_system	lenovo active protection system	eq	1.22
lenovo:active_protection_system	lenovo active protection system	eq	1.23
lenovo:active_protection_system	lenovo active protection system	eq	1.30b
lenovo:active_protection_system	lenovo active protection system	eq	1.31
lenovo:active_protection_system	lenovo active protection system	eq	1.32
lenovo:active_protection_system	lenovo active protection system	eq	1.33b

Rows per page:

1-10 of 491

CNA Affected

[
  {
    "product": "Active Protection System",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Earlier than 1.82.0.14"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-13637

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-3740

nvd1 lenovo2 cvelist1 prion1