Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-3753
HistoryAug 10, 2017 - 12:29 a.m.

CVE-2017-3753

2017-08-1000:29:00
CWE-94
[email protected]
web.nvd.nist.gov
29
lenovo
uefi
bios
vulnerability
ami
administrative privileges
physical access
system protections
device guard
hyper-v
nvd
cve-2017-3753

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Affected configurations

NVD
Node
lenovoideacentre_300-20ish_firmwareMatch-
AND
lenovoideacentre_300-20ishMatch-
Node
lenovoideacentre_300s-11ishMatch-
AND
lenovoideacentre_300s-11ish_firmwareMatch-
Node
lenovoideacentre_510s-08ishMatch-
AND
lenovoideacentre_510s-08ish_firmwareMatch-
Node
lenovoideacentre_700Match-
AND
lenovoideacentre_700_firmwareMatch-
Node
lenovo63Match-
AND
lenovo63_firmwareMatchfckt78a
Node
lenovoh50-30gMatch-
AND
lenovoh50-30g_firmwareMatchfckt78a
Node
lenovom4500Match-
AND
lenovom4500_firmwareMatchfckt78a
Node
lenovom4500_idMatch-
AND
lenovom4500_id_firmwareMatchfckt78a
Node
lenovom4550_idMatch-
AND
lenovom4550_id_firmwareMatchfckt78a
Node
lenovos500_firmwareMatchm0kkt24a
AND
lenovos500Match-
Node
lenovov320-15iap_firmwareMatch-
AND
lenovov320-15iapMatch-
Node
lenovothinkcentre_e73_firmwareMatchfckt78a
AND
lenovothinkcentre_e73Match-
Node
lenovothinkcentre_e73s_firmwareMatchfckt78a
AND
lenovothinkcentre_e73sMatch-
Node
lenovothinkcentre_e74_firmwareMatchm05kt54a
AND
lenovothinkcentre_e74Match-
Node
lenovothinkcentre_e74s_firmwareMatchm05kt54a
AND
lenovothinkcentre_e74sMatch-
Node
lenovothinkcentre_e75_t\/s_firmwareMatch-
AND
lenovothinkcentre_e75_t\/sMatch-
Node
lenovothinkcentre_e79_firmwareMatchm0lkt12a
AND
lenovothinkcentre_e79Match-
Node
lenovothinkcentre_e93_firmwareMatchfbktc5a
AND
lenovothinkcentre_e93Match-
Node
lenovothinkcentre_m4500k_firmwareMatchfckt78a
AND
lenovothinkcentre_m4500kMatch-
Node
lenovothinkcentre_m4500q_firmwareMatchfhkt66a
AND
lenovothinkcentre_m4500qMatch-
Node
lenovothinkcentre_m4500t\/s_firmwareMatchfckt78a
AND
lenovothinkcentre_m4500t\/sMatch-
Node
lenovothinkcentre_m4600t\/s_firmwareMatchm05kt54a
AND
lenovothinkcentre_m4600t\/sMatch-
Node
lenovothinkcentre_m600_firmwareMatchm00kt44a
AND
lenovothinkcentre_m600Match-
Node
lenovothinkcentre_m610_firmwareMatch-
AND
lenovothinkcentre_m610Match-
Node
lenovothinkcentre_m6500t\/s_firmwareMatchfbktc5a
AND
lenovothinkcentre_m6500t\/sMatch-
Node
lenovothinkcentre_m6600_firmwareMatchfwkt39a
AND
lenovothinkcentre_m6600Match-
Node
lenovothinkcentre_m6600q_firmwareMatchfwkt39a
AND
lenovothinkcentre_m6600qMatch-
Node
lenovothinkcentre_m6600t\/sMatch-
AND
lenovothinkcentre_m6600t\/s_firmwareMatchfwkt39a
Node
lenovothinkcentre_m700_firmwareMatchm05kt54a
AND
lenovothinkcentre_m700Match-
Node
lenovothinkcentre_m710t\/s_firmwareMatch-
AND
lenovothinkcentre_m710t\/sMatch-
Node
lenovothinkcentre_m715q_firmwareMatch-
AND
lenovothinkcentre_m715qMatch-
Node
lenovothinkcentre_m72e_firmwareMatchf1kt71a
AND
lenovothinkcentre_m72eMatch-
Node
lenovothinkcentre_m73_firmwareMatchfckt78a
AND
lenovothinkcentre_m73Match-
Node
lenovothinkcentre_m73p_firmwareMatchfbktc5a
AND
lenovothinkcentre_m73pMatch-
Node
lenovothinkcentre_m79_firmwareMatchm0lkt12a
AND
lenovothinkcentre_m79Match-
Node
lenovothinkcentre_m800_firmwareMatchfwkt39a
AND
lenovothinkcentre_m800Match-
Node
lenovothinkcentre_m83_firmwareMatchfbktcga
AND
lenovothinkcentre_m83Match-
Node
lenovothinkcentre_m8500t\/s_firmwareMatchfbktc5a
AND
lenovothinkcentre_m8500t\/sMatch-
Node
lenovothinkcentre_m8600t\/s_firmwareMatchfwkt39a
AND
lenovothinkcentre_m8600t\/sMatch-
Node
lenovothinkcentre_m900_firmwareMatchfwkt39a
AND
lenovothinkcentre_m900Match-
Node
lenovothinkcentre_m910t\/s_firmwareMatch-
AND
lenovothinkcentre_m910t\/sMatch-
Node
lenovothinkcentre_m910q_firmwareMatch-
AND
lenovothinkcentre_m910qMatch-
Node
lenovothinkcentre_m910x_firmwareMatch-
AND
lenovothinkcentre_m910xMatch-
Node
lenovothinkcentre_m92_firmwareMatch9skt95a
AND
lenovothinkcentre_m92Match-
Node
lenovothinkcentre_m92p_firmwareMatch9skt95a
AND
lenovothinkcentre_m92pMatch-
Node
lenovothinkcentre_m93_firmwareMatchfbktc5a
AND
lenovothinkcentre_m93Match-
Node
lenovothinkcentre_m93p_firmwareMatchfbktc5a
AND
lenovothinkcentre_m93pMatch-
Node
lenovoyangtian_afh110_firmwareMatchm05kt73a
AND
lenovoyangtian_afh110Match-
Node
lenovoyangtian_afh81_firmwareMatchfckt80a
AND
lenovoyangtian_afh81Match-
Node
lenovoyangtian_afq150_firmwareMatchfwkt57a
AND
lenovoyangtian_afq150Match-
Node
lenovoyangtian_mc_carrizo-l_firmwareMatch-
AND
lenovoyangtian_mc_carrizo-lMatch-
Node
lenovoyangtian_mc_godavari_firmwareMatchm0lkt13a
AND
lenovoyangtian_mc_godavariMatch-
Node
lenovoyangtian_mc_h110_firmwareMatchm05kt61a
AND
lenovoyangtian_mc_h110Match-
Node
lenovoyangtian_mc_h81_firmwareMatchfckt80a
AND
lenovoyangtian_mc_h81Match-
Node
lenovoyangtian_me\/we_h110_firmwareMatchm05kt61a
AND
lenovoyangtian_mc_h110Match-
Node
lenovoyangtian_mf\/wf_h81_firmwareMatchfckt80a
AND
lenovoyangtian_mf\/wf_h81Match-
Node
lenovoideacentre_510s-23isu_firmwareMatcho2ekt24a
AND
lenovoideacentre_510s-23isuMatch-
Node
lenovos200z_firmwareMatchm09kt33a
AND
lenovos200zMatch-
Node
lenovothinkcentre_e73z_\(aio\)_firmwareMatchfgkt49a
AND
lenovothinkcentre_e73z_\(aio\)Match-
Node
lenovothinkcentre_e74z_firmwareMatchfvkt48a
AND
lenovothinkcentre_e74zMatch-
Node
lenovothinkcentre_e93z_\(aio\)_firmwareMatchffkt43a
AND
lenovothinkcentre_e93z_\(aio\)Match-
Node
lenovothinkcentre_edge_62z_firmwareMatchf8kt40a
AND
lenovothinkcentre_edge_62zMatch-
Node
lenovothinkcentre_m700z_firmwareMatchfvkt48a
AND
lenovothinkcentre_m700zMatch-
Node
lenovothinkcentre_m7200z_firmwareMatchfgkt46a
AND
lenovothinkcentre_m7200zMatch-
Node
lenovothinkcentre_m7250z_firmwareMatchfgkt46a
AND
lenovothinkcentre_m7250zMatch-
Node
lenovothinkcentre_m7300z_firmwareMatchfvkt42a
AND
lenovothinkcentre_m7300zMatch-
Node
lenovothinkcentre_m73z_\(aio\)_firmwareMatchfgkt46a
AND
lenovothinkcentre_m73z_\(aio\)Match-
Node
lenovothinkcentre_m800z_firmwareMatchfvkt42a
AND
lenovothinkcentre_m800zMatch-
Node
lenovothinkcentre_m810z_firmwareMatch-
AND
lenovothinkcentre_m810zMatch-
Node
lenovothinkcentre_m8200z_firmwareMatchfgkt46a
AND
lenovothinkcentre_m8200zMatch-
Node
lenovothinkcentre_m8250z_firmwareMatchfgkt46a
AND
lenovothinkcentre_m8250zMatch-
Node
lenovothinkcentre_m8300z_firmwareMatchfvkt42a
AND
lenovothinkcentre_m8300zMatch-
Node
lenovothinkcentre_m8350z_firmwareMatchfvkt42a
AND
lenovothinkcentre_m8350zMatch-
Node
lenovothinkcentre_m83z_\(aio\)_firmwareMatchfvkt42a
AND
lenovothinkcentre_m83z_\(aio\)Match-
Node
lenovothinkcentre_m900z_firmwareMatchfukt39a
AND
lenovothinkcentre_m900zMatch-
Node
lenovothinkcentre_m9500z_firmwareMatchfukt44a
AND
lenovothinkcentre_m9500zMatch-
Node
lenovothinkcentre_m9550z_firmwareMatchfukt44a
AND
lenovothinkcentre_m9550zMatch-
Node
lenovothinkcentre_x1_aio_firmwareMatchm0hkt32a
AND
lenovothinkcentre_x1_aioMatch-
Node
lenovoyangtian_s3040_firmwareMatchfgkt49a
AND
lenovoyangtian_s3040Match-
Node
lenovoyangtian_s800_firmwareMatchffkt43a
AND
lenovoyangtian_s3040Match-
Node
lenovothinkserver_rd340_firmwareMatch-
AND
lenovothinkserver_rd340Match-
Node
lenovothinkserver_rd440_firmwareMatcha0tsb5a
AND
lenovothinkserver_rd440Match-
Node
lenovothinkserver_rd540_firmwareMatcha1tsb5a
AND
lenovothinkserver_rd540Match-
Node
lenovothinkserver_rd640_firmwareMatcha1tsb5a
AND
lenovothinkserver_rd540Match-
Node
lenovothinkserver_rq750_firmwareMatch7.05
AND
lenovothinkserver_rq750Match-
Node
lenovothinkserver_rs140_firmwareMatchfbkt91c
AND
lenovothinkserver_rs140Match-
Node
lenovothinkserver_td340_firmwareMatcha3tsb5a
AND
lenovothinkserver_td340Match-
Node
lenovothinkserver_ts140_firmwareMatchfbktc3a
AND
lenovothinkserver_ts140Match-
Node
lenovothinkserver_ts150_firmwareMatchfbktc3a
AND
lenovothinkserver_ts150Match-
Node
lenovothinkserver_ts240_firmwareMatchfbktc3a
AND
lenovothinkserver_ts240Match-
Node
lenovothinkserver_ts250_firmwareMatch-
AND
lenovothinkserver_ts250Match-
Node
lenovothinkserver_ts450_firmwareMatch-
AND
lenovothinkserver_ts450Match-
Node
lenovothinkserver_ts550_firmwareMatch-
AND
lenovothinkserver_ts550Match-
Node
lenovothinkstation_c30_\(1136\)_firmwareMatcha1kt57a
AND
lenovothinkstation_c30_\(1136\)Match-
Node
lenovothinkstation_d30_\(4353\)_firmwareMatcha3kt57a
AND
lenovothinkstation_d30_\(4353\)Match-
Node
lenovothinkstation_e31_firmwareMatch9skt97a
AND
lenovothinkstation_e31Match-
Node
lenovothinkstation_e32_firmwareMatchfbktc6a
AND
lenovothinkstation_e32Match-
Node
lenovothinkstation_p300_firmwareMatchfbktc6a
AND
lenovothinkstation_p300Match-
Node
lenovothinkstation_p310_firmwareMatchfwkt57a
AND
lenovothinkstation_p310Match-
Node
lenovothinkstation_p320_firmwareMatch-
AND
lenovothinkstation_p320Match-
Node
lenovothinkstation_p410_firmwareMatch-
AND
lenovothinkstation_p410Match-
Node
lenovothinkstation_p500_firmwareMatcha4kt86a
AND
lenovothinkstation_p500Match-
Node
lenovothinkstation_p510_firmwareMatch-
AND
lenovothinkstation_p510Match-
Node
lenovothinkstation_p700_firmwareMatcha5kt86a
AND
lenovothinkstation_p700Match-
Node
lenovothinkstation_p710_firmwareMatch-
AND
lenovothinkstation_p710Match-
Node
lenovothinkstation_p900_firmwareMatcha6kt86a
AND
lenovothinkstation_p900Match-
Node
lenovothinkstation_p910_firmwareMatch-
AND
lenovothinkstation_p910Match-
Node
lenovothinkstation_s30_\(4351\)_firmwareMatcha2kt54a
AND
lenovothinkstation_s30_\(4351\)Match-
Node
lenovothinkstation_c30_\(1137\)_firmwareMatcha1kt57a
AND
lenovothinkstation_c30_\(1137\)Match-
Node
lenovothinkstation_s30_\(4352\)_firmwareMatcha2kt54a
AND
lenovothinkstation_s30_\(4352\)Match-
Node
lenovothinkstation_d30_\(4354\)_firmwareMatcha3kt57a
AND
lenovothinkstation_d30_\(4354\)Match-

CNA Affected

[
  {
    "product": "Desktop and Notebook BIOS",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Related

prion 1
lenovo 2
cvelist 1
nvd 1
prion
prion
Race condition
2017-08-10 00:29:00
lenovo
lenovo
BIOS SMI Handler Input Validation Failures - US
2018-04-11 03:47:00
BIOS SMI Handler Input Validation Failures - Lenovo Support US
2018-04-11 03:47:00
cvelist
cvelist
CVE-2017-3753
2017-07-27 00:00:00
nvd
nvd
CVE-2017-3753
2017-08-10 00:29:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON
Related for CVE-2017-3753
prion1lenovo2cvelist1nvd1