8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
87.5%
Lenovo Security Advisory: LEN-17125
Potential Impact: Remote code execution
Severity: High
Scope of Impact: Industry wide
CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251
Summary Description:
A collection of Bluetooth implementation vulnerabilities known as “BlueBorne” have been identified that affect Windows, iOS, and Linux-kernel-based operating systems. In worst case scenarios, these vulnerabilities allow an unauthenticated attacker to perform commands on affected devices.
Mitigation Strategy for Consumers (what you should do to protect yourself):
Patches are available in the latest patch releases from Windows (see Microsoft bulletin), iOS, Linux providers, and Android (see September 2017 security bulletin).
U.S.-based phone and other mobile device users running Android are advised to regularly check this advisory page. Due to the complexity of the U.S. mobile ecosystem, which typically requires manufacturer and carrier support to push updates, updates are in progress. Users are encouraged to accept updates to their Android device upon receiving notifications to update their operating system.
If an update is not available, affected users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.
Product Impact:
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
87.5%