Vulnerability-Lookup

CVE-2017-3750 (GCVE-0-2017-3750)

Vulnerability from cvelistv5 – Published: 2017-06-29 15:00 – Updated: 2024-09-16 22:40

Summary

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

lenovo

References

URL

	Vendor	Product	Version
	Lenovo Group Ltd.	Lenovo Vibe and Lenovo China-only Moto Mobile Phones	Affected: Earlier than 6.0

GSD-2017-3750

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3750

Aliases

CVE-2017-3750

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3750",
    "description": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.",
    "id": "GSD-2017-3750"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3750"
      ],
      "details": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.",
      "id": "GSD-2017-3750",
      "modified": "2023-12-13T01:21:16.650458Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2017-06-28T00:00:00",
        "ID": "CVE-2017-3750",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Earlier than 6.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/us/en/product_security/LEN-15823",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_k32c30:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_k80m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3600u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3800-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a2560:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a1600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_k30-w-cu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a6000-i:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3600-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a2860:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a6020i37:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a6800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a2880:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_k30-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a6600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:vibe_a2800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2017-3750"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-15823",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-29T15:29Z"
    }
  }
}

GHSA-R87Q-892P-73WG

Vulnerability from github – Published: 2022-05-13 01:45 – Updated: 2022-05-13 01:45

Details

Severity ?

6.4 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3750"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-29T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.",
  "id": "GHSA-r87q-892p-73wg",
  "modified": "2022-05-13T01:45:51Z",
  "published": "2022-05-13T01:45:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3750"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201706-0360

Vulnerability from variot - Updated: 2025-04-20 23:29

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. Lenovo VIBE cell phone's Lenovo Security Android Applications have vulnerabilities related to authorization, permissions, and access control.CVE-2017-3748 and CVE-2017-3749 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. Android6.0Marshmallow is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). LenovoA2010-a, etc. are all Lenovo's smartphone products using the Android6.0 Marshmallow operating system. A Permission Access Vulnerability exists in several LenovoVIBE phones using versions prior to Android6.0 Marshmallow, which stems from the LenovoSecurityAndroid app allowing backup and storage of private data via AndroidDebugBridge. An attacker could exploit the vulnerability to gain elevated privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0360",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "google",
        "version": "5.1.1"
      },
      {
        "model": "android",
        "scope": null,
        "trust": 0.8,
        "vendor": "google",
        "version": null
      },
      {
        "model": "vibe a1600",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a2560",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a2800",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a2860",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a2880",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3000",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3500",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3600-d",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3600u",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3800-d",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a3900",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a6000",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a6000-i",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a6020i37",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a6600",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe a6800",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe k30-e",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe k30-w-cu",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe k32c30",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "vibe k80m",
        "scope": null,
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "android",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "google",
        "version": "5.1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:google:android",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      }
    ]
  },
  "cve": "CVE-2017-3750",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-3750",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-14024",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "id": "CVE-2017-3750",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3750",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3750",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14024",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1219",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3750",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. Lenovo VIBE cell phone\u0027s Lenovo Security Android Applications have vulnerabilities related to authorization, permissions, and access control.CVE-2017-3748 and CVE-2017-3749 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. Android6.0Marshmallow is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). LenovoA2010-a, etc. are all Lenovo\u0027s smartphone products using the Android6.0 Marshmallow operating system. A Permission Access Vulnerability exists in several LenovoVIBE phones using versions prior to Android6.0 Marshmallow, which stems from the LenovoSecurityAndroid app allowing backup and storage of private data via AndroidDebugBridge. An attacker could exploit the vulnerability to gain elevated privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3750",
        "trust": 3.1
      },
      {
        "db": "LENOVO",
        "id": "LEN-15823",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "id": "VAR-201706-0360",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:29:41.227000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "https://www.android.com/intl/ja_jp/phones/"
      },
      {
        "title": "VIBE Series",
        "trust": 0.8,
        "url": "http://www3.lenovo.com/in/en/smartphones/smartphone-vibe-series/c/smartphone-vibe-series"
      },
      {
        "title": "Patches for several LenovoVIBE mobile rights access vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/97884"
      },
      {
        "title": "Multiple Lenovo VIBE Fixes for mobile rights permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71357"
      },
      {
        "title": "Fireeye Threat Research",
        "trust": 0.2,
        "url": "https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.lenovo.com/us/en/product_security/len-15823"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3750"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3750"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "date": "2017-06-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "date": "2017-06-29T15:29:00.253000",
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14024"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3750"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-3750"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo VIBE cell phone\u0027s  Lenovo Security Android Vulnerabilities related to authorization, authority, and access control in applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005177"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1219"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-3750

Vulnerability from fkie_nvd - Published: 2017-06-29 15:29 - Updated: 2025-04-20 01:37

Severity ?

6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@lenovo.com	https://support.lenovo.com/us/en/product_security/LEN-15823	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/LEN-15823	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
google	android	*
lenovo	vibe_a1600	-
lenovo	vibe_a2560	-
lenovo	vibe_a2800	-
lenovo	vibe_a2860	-
lenovo	vibe_a2880	-
lenovo	vibe_a3000	-
lenovo	vibe_a3500	-
lenovo	vibe_a3600-d	-
lenovo	vibe_a3600u	-
lenovo	vibe_a3800-d	-
lenovo	vibe_a3900	-
lenovo	vibe_a6000	-
lenovo	vibe_a6000-i	-
lenovo	vibe_a6020i37	-
lenovo	vibe_a6600	-
lenovo	vibe_a6800	-
lenovo	vibe_k30-e	-
lenovo	vibe_k30-w-cu	-
lenovo	vibe_k32c30	-
lenovo	vibe_k80m	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B349128A-CD08-4B2B-975B-650831183DBE",
              "versionEndIncluding": "5.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a1600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF657581-9D69-4310-AE50-BE48CA5D4CB9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a2560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CFB6B14-B5BB-48AB-92CB-CF7487512DC5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a2800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "325AC02E-E178-40D9-90D0-4E79843290B9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a2860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "339FC9D6-19B2-4B91-B899-00E5E277B303",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a2880:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06D59E67-2F49-4B3F-9437-94C7140BCF31",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBAF531-27D5-44D6-9EEC-BA86172290E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7D1D8F-70CB-4B2F-BC7D-1B10E7EB2077",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3600-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F72DE-F368-4A03-BFA4-56B9FA4938AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3600u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6401481C-49A1-4886-80B8-E14569D77DA4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3800-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FDA3C7-BC99-45A5-AE81-46DA8FA579C7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a3900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65E0F862-F45A-46CA-941A-99ED0FFF4272",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32979F5A-1DD6-42A9-9E10-E34CFFC96626",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a6000-i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "898242F7-7C48-4439-8520-A0680EFD9FCD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a6020i37:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC57159C-1E88-43AB-A56E-66CA3AD171EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D6A8C1-E7E2-449F-8F6C-02993935E3CB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_a6800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADEF9C5D-A634-4E0D-AD7A-7F84BD7EF0CC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_k30-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AFFC5D-B159-4A7A-A482-455260883DC2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_k30-w-cu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75A5EB3-6E3D-42D5-98E5-E0523342C11A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_k32c30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8E4082-C625-4CC2-BD8E-3D8DD26FC5F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:lenovo:vibe_k80m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECF65FF-B344-446E-B303-BDB58FFC7290",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749."
    },
    {
      "lang": "es",
      "value": "En los tel\u00e9fonos m\u00f3viles Lenovo VIBE, la aplicaci\u00f3n de Android Lenovo Security permite que los datos privados se copien y restauren mediante Android Debug Bridge, lo que permite la falsificaci\u00f3n que conduce a un escalado de privilegios junto con CVE-2017-3748 y CVE-2017-3749."
    }
  ],
  "id": "CVE-2017-3750",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-29T15:29:00.253",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-14024

Vulnerability from cnvd - Published: 2017-07-12

Title

多款Lenovo VIBE手机权限访问漏洞

Description

Android 6.0 Marshmallow是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。Lenovo A2010-a等都是中国联想（Lenovo）公司的使用Android 6.0 Marshmallow操作系统的智能手机产品。使用Android 6.0 Marshmallow之前的版本的多款Lenovo VIBE手机中存在权限访问漏洞，该漏洞源于Lenovo Security Android应用程序允许通过Android Debug Bridge备份并储存私人数据。攻击者可利用该漏洞获取提升的权限。

Severity

高

Patch Name

多款Lenovo VIBE手机权限访问漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/zh/product_security/len-15823

Reference

https://support.lenovo.com/us/en/product_security/LEN-15823

Impacted products

Name
['Lenovo vibe_a1600', 'Lenovo vibe_a2560', 'Lenovo vibe_a2800', 'Lenovo vibe_a2860', 'Lenovo vibe_a2880', 'Lenovo vibe_a3000', 'Lenovo vibe_a3500', 'Lenovo vibe_a3600-d', 'Lenovo vibe_a3600u', 'Lenovo vibe_a3800-d', 'Lenovo vibe_a3900', 'Lenovo vibe_a6000', 'Lenovo vibe_a6000-i', 'Lenovo vibe_a6020i37', 'Lenovo vibe_a6600', 'Lenovo vibe_a6800', 'Lenovo vibe_k30-e', 'Lenovo vibe_k30-w-cu', 'Lenovo vibe_k32c30', 'Lenovo vibe_k80m']

Name

['Lenovo vibe_a1600', 'Lenovo vibe_a2560', 'Lenovo vibe_a2800', 'Lenovo vibe_a2860', 'Lenovo vibe_a2880', 'Lenovo vibe_a3000', 'Lenovo vibe_a3500', 'Lenovo vibe_a3600-d', 'Lenovo vibe_a3600u', 'Lenovo vibe_a3800-d', 'Lenovo vibe_a3900', 'Lenovo vibe_a6000', 'Lenovo vibe_a6000-i', 'Lenovo vibe_a6020i37', 'Lenovo vibe_a6600', 'Lenovo vibe_a6800', 'Lenovo vibe_k30-e', 'Lenovo vibe_k30-w-cu', 'Lenovo vibe_k32c30', 'Lenovo vibe_k80m']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3750",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3750"
    }
  },
  "description": "Android 6.0 Marshmallow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Lenovo A2010-a\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4f7f\u7528Android 6.0 Marshmallow\u64cd\u4f5c\u7cfb\u7edf\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528Android 6.0 Marshmallow\u4e4b\u524d\u7684\u7248\u672c\u7684\u591a\u6b3eLenovo VIBE\u624b\u673a\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLenovo Security Android\u5e94\u7528\u7a0b\u5e8f\u5141\u8bb8\u901a\u8fc7Android Debug Bridge\u5907\u4efd\u5e76\u50a8\u5b58\u79c1\u4eba\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Lenovo",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/len-15823",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14024",
  "openTime": "2017-07-12",
  "patchDescription": "Android 6.0 Marshmallow\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Lenovo A2010-a\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4f7f\u7528Android 6.0 Marshmallow\u64cd\u4f5c\u7cfb\u7edf\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528Android 6.0 Marshmallow\u4e4b\u524d\u7684\u7248\u672c\u7684\u591a\u6b3eLenovo VIBE\u624b\u673a\u4e2d\u5b58\u5728\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLenovo Security Android\u5e94\u7528\u7a0b\u5e8f\u5141\u8bb8\u901a\u8fc7Android Debug Bridge\u5907\u4efd\u5e76\u50a8\u5b58\u79c1\u4eba\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo VIBE\u624b\u673a\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo vibe_a1600",
      "Lenovo vibe_a2560",
      "Lenovo vibe_a2800",
      "Lenovo vibe_a2860",
      "Lenovo vibe_a2880",
      "Lenovo vibe_a3000",
      "Lenovo vibe_a3500",
      "Lenovo vibe_a3600-d",
      "Lenovo vibe_a3600u",
      "Lenovo vibe_a3800-d",
      "Lenovo vibe_a3900",
      "Lenovo vibe_a6000",
      "Lenovo vibe_a6000-i",
      "Lenovo vibe_a6020i37",
      "Lenovo vibe_a6600",
      "Lenovo vibe_a6800",
      "Lenovo vibe_k30-e",
      "Lenovo vibe_k30-w-cu",
      "Lenovo vibe_k32c30",
      "Lenovo vibe_k80m"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/product_security/LEN-15823",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-03",
  "title": "\u591a\u6b3eLenovo VIBE\u624b\u673a\u6743\u9650\u8bbf\u95ee\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3750 (GCVE-0-2017-3750)

GSD-2017-3750

GHSA-R87Q-892P-73WG

VAR-201706-0360

FKIE_CVE-2017-3750

CNVD-2017-14024

Tags

Sightings

Nomenclature