Vulnerability-Lookup

CVE-2017-3747 (GCVE-0-2017-3747)

Vulnerability from cvelistv5 – Published: 2017-06-29 15:00 – Updated: 2024-09-16 22:56

Summary

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

lenovo

References

URL

	Vendor	Product	Version
	Lenovo Group Ltd.	Lenovo Nerve Center	Affected: Earlier than 1.70.0426

GHSA-RWQH-GR44-QVMG

Vulnerability from github – Published: 2022-05-13 01:45 – Updated: 2022-05-13 01:45

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3747"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-29T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.",
  "id": "GHSA-rwqh-gr44-qvmg",
  "modified": "2022-05-13T01:45:52Z",
  "published": "2022-05-13T01:45:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3747"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15046"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99286"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-3747

Vulnerability from fkie_nvd - Published: 2017-06-29 15:29 - Updated: 2025-04-20 01:37

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@lenovo.com	http://www.securityfocus.com/bid/99286	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/us/en/product_security/LEN-15046	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99286	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/LEN-15046	Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	nerve_center	-
	microsoft	windows_10	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:nerve_center:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8A7D1B-AF5B-43B6-B1FB-39749ADC0E9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalado de privilegios en Lenovo Nerve Center para Windows 10 en sistemas de sobremesa (Lenovo Nerve Center para notebooks no se ha visto afectado) que podr\u00eda permitir que un atacante con privilegios locales en un sistema altere claves de registro."
    }
  ],
  "id": "CVE-2017-3747",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-29T15:29:00.160",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99286"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15046"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-14022

Vulnerability from cnvd - Published: 2017-07-12

Title

Lenovo Nerve Center本地权限提升漏洞

Description

Lenovo Y900等都是中国联想（Lenovo）公司的笔记本电脑产品。Nerve Center for Windows 10是其中的一个用于Windows 10系统的计算机性能调控软件。 Lenovo Nerve Center存在本地权限提升漏洞。攻击者可利用该漏洞更改注册密钥。

Severity

低

Patch Name

Lenovo Nerve Center本地权限提升漏洞的补丁

Patch Description

Lenovo Y900等都是中国联想（Lenovo）公司的笔记本电脑产品。Nerve Center for Windows 10是其中的一个用于Windows 10系统的计算机性能调控软件。 Lenovo Nerve Center存在本地权限提升漏洞。攻击者可利用该漏洞更改注册密钥。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/en/product_security/LEN-15046

Reference

http://www.securityfocus.com/bid/99286

Impacted products

Name
['Microsoft Windows 10', 'Lenovo Nerve Center']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99286"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3747",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3747"
    }
  },
  "description": "Lenovo Y900\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Nerve Center for Windows 10\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eWindows 10\u7cfb\u7edf\u7684\u8ba1\u7b97\u673a\u6027\u80fd\u8c03\u63a7\u8f6f\u4ef6\u3002\r\n\r\nLenovo Nerve Center\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u6ce8\u518c\u5bc6\u94a5\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/en/product_security/LEN-15046",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14022",
  "openTime": "2017-07-12",
  "patchDescription": "Lenovo Y900\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7b14\u8bb0\u672c\u7535\u8111\u4ea7\u54c1\u3002Nerve Center for Windows 10\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8eWindows 10\u7cfb\u7edf\u7684\u8ba1\u7b97\u673a\u6027\u80fd\u8c03\u63a7\u8f6f\u4ef6\u3002\r\n\r\nLenovo Nerve Center\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u6ce8\u518c\u5bc6\u94a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo Nerve Center\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 10",
      "Lenovo Nerve Center"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99286",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-03",
  "title": "Lenovo Nerve Center\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

VAR-201706-0357

Vulnerability from variot - Updated: 2025-04-20 23:25

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys. LenovoY900 and other Lenovo are Lenovo's notebook products. NerveCenter for Windows 10 is one of the computer performance control software for Windows 10 systems. There is a local privilege elevation vulnerability in LenovoNerveCenter. An attacker could use this vulnerability to change the registration key

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0357",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nerve center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center",
        "scope": null,
        "trust": 1.4,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "windows",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": "nerve center y910",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center y900 re",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center y900",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center y720cube",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center y710cube",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nerve center y700",
        "scope": null,
        "trust": 0.3,
        "vendor": "lenovo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:nerve_center",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "99286"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3747",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-3747",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-14022",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-111950",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-3747",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3747",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3747",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14022",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1179",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111950",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys. LenovoY900 and other Lenovo are Lenovo\u0027s notebook products. NerveCenter for Windows 10 is one of the computer performance control software for Windows 10 systems. There is a local privilege elevation vulnerability in LenovoNerveCenter. An attacker could use this vulnerability to change the registration key",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3747",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99286",
        "trust": 2.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-15046",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "id": "VAR-201706-0357",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:25:01.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-15046",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/len-15046"
      },
      {
        "title": "Patch for LenovoNerveCenter Local Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/97889"
      },
      {
        "title": "Multiple Lenovo product Nerve Center for Windows 10 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71343"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/99286"
      },
      {
        "trust": 2.0,
        "url": "https://support.lenovo.com/us/en/product_security/len-15046"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3747"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3747"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "date": "2017-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99286"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "date": "2017-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "date": "2017-06-29T15:29:00.160000",
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14022"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111950"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99286"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-3747"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "99286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows 10 For on-board desktop system  Lenovo Nerve Center Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005178"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1179"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-3747

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3747

Aliases

CVE-2017-3747

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3747",
    "description": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.",
    "id": "GSD-2017-3747"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3747"
      ],
      "details": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.",
      "id": "GSD-2017-3747",
      "modified": "2023-12-13T01:21:16.083639Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2017-06-22T00:00:00",
        "ID": "CVE-2017-3747",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo Nerve Center",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Earlier than 1.70.0426"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "99286",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99286"
          },
          {
            "name": "https://support.lenovo.com/us/en/product_security/LEN-15046",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/LEN-15046"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lenovo:nerve_center:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2017-3747"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-15046",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-15046"
            },
            {
              "name": "99286",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99286"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-29T15:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3747 (GCVE-0-2017-3747)

GHSA-RWQH-GR44-QVMG

FKIE_CVE-2017-3747

CNVD-2017-14022

VAR-201706-0357

GSD-2017-3747

Tags

Sightings

Nomenclature