Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLenovoCVELIST:CVE-2017-3743
HistoryJun 20, 2017 - 12:00 a.m.

CVE-2017-3743

2017-06-2000:00:00
lenovo
www.cve.org
1

0.001 Low

EPSS

Percentile

42.9%

JSON

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

CNA Affected

[
  {
    "product": "ToolsCenter",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Lenovo Advanced Settings Utility versions earlier than 10.2 and UXSPI and DSA versions earlier than 10.3"
      }
    ]
  }
]

Related

cve 1
lenovo 2
nvd 1
prion 1
cve
cve
CVE-2017-3743
2017-06-20 00:29:00
lenovo
lenovo
Credentials sent through the Lenovo ToolsCenter may be exposed to local users - Lenovo Support US
2017-06-08 00:00:00
Credentials sent through the Lenovo ToolsCenter may be exposed to local users - us
2017-06-08 00:00:00
nvd
nvd
CVE-2017-3743
2017-06-20 00:29:00
prion
prion
Command injection
2017-06-20 00:29:00

0.001 Low

EPSS

Percentile

42.9%

JSON
Related for CVELIST:CVE-2017-3743
cve1lenovo2nvd1prion1