Vulnerability-Lookup

CVE-2017-3775 (GCVE-0-2017-3775)

Vulnerability from cvelistv5 – Published: 2018-05-04 16:00 – Updated: 2024-09-16 23:56

Summary

Severity

6.4 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Booting unauthenticated code

Assigner

lenovo

References

1 reference

URL	Tags
https://support.lenovo.com/us/en/solutions/LEN-20241	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Lenovo Group Ltd.	Some Lenovo Flex System and Lenovo System x products	Affected: Affected BIOS version varies by product

Date Public

2018-05-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:39.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Some Lenovo Flex System and Lenovo System x products",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Affected BIOS version varies by product"
            }
          ]
        }
      ],
      "datePublic": "2018-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Booting unauthenticated code",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-04T15:57:01.000Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2018-05-03T00:00:00",
          "ID": "CVE-2017-3775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Some Lenovo Flex System and Lenovo System x products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Affected BIOS version varies by product"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Booting unauthenticated code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-20241",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3775",
    "datePublished": "2018-05-04T16:00:00.000Z",
    "dateReserved": "2016-12-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:56:19.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-3775",
      "date": "2026-06-04",
      "epss": "0.00042",
      "percentile": "0.12995"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3775\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2018-05-04T17:29:00.223\",\"lastModified\":\"2024-11-21T03:26:06.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.\"},{\"lang\":\"es\",\"value\":\"Algunas versiones BIOS/UEFI del servidor x de Lenovo, cuando Secure Boot est\u00e1 habilitado por un administrador del sistema, no autentican correctamente el c\u00f3digo firmado antes de cargarlo. Como resultado, un atacante con acceso f\u00edsico al sistema podr\u00eda cargar c\u00f3digo no firmado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.61\",\"matchCriteriaId\":\"21457BA1-04A2-44F5-A33A-85FF81F09C44\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D2CE7A5-1CEE-40C4-BE0E-573C28663A11\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.21\",\"matchCriteriaId\":\"83D664BC-39A8-4A7E-95E1-ACF88A5D71D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1563A13F-2E56-4E83-9C16-68B2C81843DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.21\",\"matchCriteriaId\":\"5763A810-2C14-49F4-895E-D511B4C3FDB3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.21\",\"matchCriteriaId\":\"61334EC1-3C26-4056-BBC5-E6D0066BDC31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68ED17ED-BE60-4EE3-9599-C88C3C7A626C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.61\",\"matchCriteriaId\":\"1E315447-AD2F-4861-A5BA-21DEA5ED1DA8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.23\",\"matchCriteriaId\":\"3B60CE27-0BF7-4672-857C-2340913EF887\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D89A2206-7012-4938-9BE2-ACF014E3F3B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.61\",\"matchCriteriaId\":\"4EA1D294-138D-44B4-A86B-58D4B9A70539\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FC3467C-3F00-4EE3-B40E-3AE7F93094DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.61\",\"matchCriteriaId\":\"F6CB9785-3660-4578-A4E2-0DE50C7E57EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A78B63-6588-4C40-BEBB-88C8DF467A18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.61\",\"matchCriteriaId\":\"3D08A24F-EAF0-4A74-9DDC-7564C09172D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"145F0B3C-A945-443B-AB08-329F72358801\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"BB2B0B1A-F876-4280-B8CA-C829CCA51291\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70A2471-D476-4FB7-8D1F-FEE0E4BF460C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3\",\"matchCriteriaId\":\"85425D7F-3087-477C-82B6-B829CDD6EA33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25A3A89F-CB39-4E76-BC64-3C4F4788FB8C\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-20241\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/solutions/LEN-20241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-09190

Vulnerability from cnvd - Published: 2018-05-09

Title

多款Lenovo产品代码执行漏洞

Description

Lenovo Flex System x240 M5等都是中国联想（Lenovo）公司的服务器设备。多款Lenovo产品中存在安全漏洞，该漏洞源于程序在运行签名的代码之前，未能正确的进行身份验证。物理位置临近的攻击者可利用该漏洞运行未签名的代码。

Severity

高

Patch Name

多款Lenovo产品存在代码执行漏洞的补丁

Patch Description

Lenovo Flex System x240 M5等都是中国联想（Lenovo）公司的服务器设备。多款Lenovo产品中存在安全漏洞，该漏洞源于程序在运行签名的代码之前，未能正确的进行身份验证。物理位置临近的攻击者可利用该漏洞运行未签名的代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.lenovo.com/us/zh/solutions/len-20241

Reference

https://support.lenovo.com/us/en/solutions/LEN-20241

Impacted products

Name
['Lenovo Flex System x240 M5 BIOS/UEFI <2.61', 'Lenovo Flex System x280 X6 BIOS/UEFI <4.21', 'Lenovo Flex System x480 X6 BIOS/UEFI <4.21', 'Lenovo Flex System x880 BIOS/UEFI <4.21', 'Lenovo NeXtScale nx360 M5 BIOS/UEFI <2.61', 'Lenovo System x3250 M6 BIOS/UEFI <2.23', 'Lenovo System x3500 M5 BIOS/UEFI <2.61', 'Lenovo System x3550 M5 BIOS/UEFI <2.6', 'Lenovo System x3650 M5 BIOS/UEFI <2.61', 'Lenovo System x3850 X6 BIOS/UEFI <4.3', 'Lenovo System x3950 X6 BIOS/UEFI <4.3']

Name

['Lenovo Flex System x240 M5 BIOS/UEFI <2.61', 'Lenovo Flex System x280 X6 BIOS/UEFI <4.21', 'Lenovo Flex System x480 X6 BIOS/UEFI <4.21', 'Lenovo Flex System x880 BIOS/UEFI <4.21', 'Lenovo NeXtScale nx360 M5 BIOS/UEFI <2.61', 'Lenovo System x3250 M6 BIOS/UEFI <2.23', 'Lenovo System x3500 M5 BIOS/UEFI <2.61', 'Lenovo System x3550 M5 BIOS/UEFI <2.6', 'Lenovo System x3650 M5 BIOS/UEFI <2.61', 'Lenovo System x3850 X6 BIOS/UEFI <4.3', 'Lenovo System x3950 X6 BIOS/UEFI <4.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3775"
    }
  },
  "description": "Lenovo Flex System x240 M5\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u8fd0\u884c\u7b7e\u540d\u7684\u4ee3\u7801\u4e4b\u524d\uff0c\u672a\u80fd\u6b63\u786e\u7684\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fd0\u884c\u672a\u7b7e\u540d\u7684\u4ee3\u7801\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.lenovo.com/us/zh/solutions/len-20241",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09190",
  "openTime": "2018-05-09",
  "patchDescription": "Lenovo Flex System x240 M5\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u670d\u52a1\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u8fd0\u884c\u7b7e\u540d\u7684\u4ee3\u7801\u4e4b\u524d\uff0c\u672a\u80fd\u6b63\u786e\u7684\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fd0\u884c\u672a\u7b7e\u540d\u7684\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo\u4ea7\u54c1\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Lenovo Flex System x240 M5 BIOS/UEFI \u003c2.61",
      "Lenovo Flex System x280 X6 BIOS/UEFI \u003c4.21",
      "Lenovo Flex System x480 X6 BIOS/UEFI \u003c4.21",
      "Lenovo Flex System x880 BIOS/UEFI \u003c4.21",
      "Lenovo NeXtScale nx360 M5 BIOS/UEFI \u003c2.61",
      "Lenovo System x3250 M6 BIOS/UEFI \u003c2.23",
      "Lenovo System x3500 M5 BIOS/UEFI  \u003c2.61",
      "Lenovo System x3550 M5 BIOS/UEFI \u003c2.6",
      "Lenovo System x3650 M5 BIOS/UEFI  \u003c2.61",
      "Lenovo System x3850 X6 BIOS/UEFI \u003c4.3",
      "Lenovo System x3950 X6 BIOS/UEFI \u003c4.3"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/solutions/LEN-20241",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-08",
  "title": "\u591a\u6b3eLenovo\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-3775

Vulnerability from fkie_nvd - Published: 2018-05-04 17:29 - Updated: 2024-11-21 03:26

Severity

6.4 (Medium) - CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@lenovo.com	https://support.lenovo.com/us/en/solutions/LEN-20241	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/solutions/LEN-20241	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	flex_system_x240_m5_bios	*
lenovo	flex_system_x240_m5	-
lenovo	flex_system_x280_x6_bios	*
lenovo	flex_system_x280_x6	-
lenovo	flex_system_x480_x6_bios	*
lenovo	flex_system_x480_x6	-
lenovo	flex_system_x880_bios	*
lenovo	flex_system_x880	-
lenovo	nextscale_nx360_m5_bios	*
lenovo	nextscale_nx360_m5	-
lenovo	system_x3250_m6_bios	*
lenovo	system_x3250_m6	-
lenovo	system_x3500_m5_bios	*
lenovo	system_x3500_m5	-
lenovo	system_x3550_m5_bios	*
lenovo	system_x3550_m5	-
lenovo	system_x3650_m5_bios	*
lenovo	system_x3650_m5	-
lenovo	system_x3850_x6_bios	*
lenovo	system_x3850_x6	-
lenovo	system_x3950_x6_bios	*
lenovo	system_x3950_x6	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21457BA1-04A2-44F5-A33A-85FF81F09C44",
              "versionEndExcluding": "2.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D664BC-39A8-4A7E-95E1-ACF88A5D71D7",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5763A810-2C14-49F4-895E-D511B4C3FDB3",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61334EC1-3C26-4056-BBC5-E6D0066BDC31",
              "versionEndExcluding": "4.21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E315447-AD2F-4861-A5BA-21DEA5ED1DA8",
              "versionEndExcluding": "2.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B60CE27-0BF7-4672-857C-2340913EF887",
              "versionEndExcluding": "2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA1D294-138D-44B4-A86B-58D4B9A70539",
              "versionEndExcluding": "2.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6CB9785-3660-4578-A4E2-0DE50C7E57EA",
              "versionEndExcluding": "2.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D08A24F-EAF0-4A74-9DDC-7564C09172D5",
              "versionEndExcluding": "2.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2B0B1A-F876-4280-B8CA-C829CCA51291",
              "versionEndExcluding": "4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85425D7F-3087-477C-82B6-B829CDD6EA33",
              "versionEndExcluding": "4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
    },
    {
      "lang": "es",
      "value": "Algunas versiones BIOS/UEFI del servidor x de Lenovo, cuando Secure Boot est\u00e1 habilitado por un administrador del sistema, no autentican correctamente el c\u00f3digo firmado antes de cargarlo. Como resultado, un atacante con acceso f\u00edsico al sistema podr\u00eda cargar c\u00f3digo no firmado."
    }
  ],
  "id": "CVE-2017-3775",
  "lastModified": "2024-11-21T03:26:06.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-04T17:29:00.223",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M3R2-464W-G5X4

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18

Details

Severity

6.4 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3775"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-04T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.",
  "id": "GHSA-m3r2-464w-g5x4",
  "modified": "2022-05-14T03:18:34Z",
  "published": "2022-05-14T03:18:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3775"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-3775

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3775

Aliases

CVE-2017-3775

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3775",
    "description": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.",
    "id": "GSD-2017-3775"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3775"
      ],
      "details": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.",
      "id": "GSD-2017-3775",
      "modified": "2023-12-13T01:21:16.391172Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2018-05-03T00:00:00",
        "ID": "CVE-2017-3775",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Some Lenovo Flex System and Lenovo System x products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Affected BIOS version varies by product"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Booting unauthenticated code"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/us/en/solutions/LEN-20241",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.61",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.21",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.61",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.23",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.61",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.61",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.61",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2017-3775"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-20241",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-06-13T15:58Z",
      "publishedDate": "2018-05-04T17:29Z"
    }
  }
}

VAR-201805-0171

Vulnerability from variot - Updated: 2024-11-23 22:22

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. plural Lenovo System Product BIOS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LenovoFlexSystemx240M5 and so on are all Lenovo's server equipment. Multiple Lenovo System x Servers are prone to a local authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0171",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "flex system x280 x6 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "4.21"
      },
      {
        "model": "flex system x240 m5 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "system x3250 m6 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.23"
      },
      {
        "model": "nextscale nx360 m5 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "flex system x480 x6 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "4.21"
      },
      {
        "model": "system x3950 x6 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "4.3"
      },
      {
        "model": "system x3550 m5 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "system x3850 x6 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "4.3"
      },
      {
        "model": "system x3500 m5 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "flex system x880 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "4.21"
      },
      {
        "model": "system x3650 m5 bios",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "flex system x240 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x280 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x480 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system x880 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "nextscale nx360 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3250 m6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3500 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3550 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3650 m5",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3850 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system x3950 x6",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "flex system m5 bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x240\u003c2.61"
      },
      {
        "model": "flex system bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x280x6\u003c4.21"
      },
      {
        "model": "flex system bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x480x6\u003c4.21"
      },
      {
        "model": "flex system bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x880\u003c4.21"
      },
      {
        "model": "nextscale nx360 m5 bios/uefi",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "system m6 bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3250\u003c2.23"
      },
      {
        "model": "system m5 bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3500\u003c2.61"
      },
      {
        "model": "system m5 bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3550\u003c2.6"
      },
      {
        "model": "system m5 bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3650\u003c2.61"
      },
      {
        "model": "system bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3850x6\u003c4.3"
      },
      {
        "model": "system bios/uefi",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x3950x6\u003c4.3"
      },
      {
        "model": "system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3950x60"
      },
      {
        "model": "system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3850x60"
      },
      {
        "model": "system m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x36500"
      },
      {
        "model": "system m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35500"
      },
      {
        "model": "system m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35000"
      },
      {
        "model": "system m6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x32500"
      },
      {
        "model": "nextscale nx360 m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x8800"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x480x60"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x280x60"
      },
      {
        "model": "flex system m5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2400"
      },
      {
        "model": "system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3950x64.3"
      },
      {
        "model": "system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x3850x64.3"
      },
      {
        "model": "system m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x36502.61"
      },
      {
        "model": "system m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35502.61"
      },
      {
        "model": "system m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x35002.61"
      },
      {
        "model": "system m6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x32502.23"
      },
      {
        "model": "nextscale nx360 m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "2.61"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x8804.21"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x480x64.21"
      },
      {
        "model": "flex system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x280x64.21"
      },
      {
        "model": "flex system m5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2402.61"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "BID",
        "id": "104275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:flex_system_x240_m5_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:flex_system_x280_m6_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:flex_system_x480_x6_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:flex_system_x880_x6_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:nextscale_nx360_m5_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3250_m6_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3500_m5_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3550_m5_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3650_m5_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3850_x6_bios",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:system_x3950_x6_bios",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "104275"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3775",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-3775",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2018-09190",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "id": "CVE-2017-3775",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3775",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3775",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-09190",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-184",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. plural Lenovo System Product BIOS Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LenovoFlexSystemx240M5 and so on are all Lenovo\u0027s server equipment. Multiple Lenovo System x Servers are prone to a local authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "BID",
        "id": "104275"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3775",
        "trust": 3.3
      },
      {
        "db": "LENOVO",
        "id": "LEN-20241",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "104275",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "BID",
        "id": "104275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "id": "VAR-201805-0171",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      }
    ],
    "trust": 1.331547621
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:22:05.812000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-20241",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/solutions/LEN-20241"
      },
      {
        "title": "Patches for code execution vulnerabilities in several Lenovo products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/128519"
      },
      {
        "title": "Multiple Lenovo Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79882"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://support.lenovo.com/us/en/solutions/len-20241"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3775"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3775"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/in/en/solutions/len-20241"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "BID",
        "id": "104275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "db": "BID",
        "id": "104275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "date": "2018-05-03T00:00:00",
        "db": "BID",
        "id": "104275"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "date": "2018-05-04T17:29:00.223000",
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09190"
      },
      {
        "date": "2018-05-03T00:00:00",
        "db": "BID",
        "id": "104275"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      },
      {
        "date": "2024-11-21T03:26:06.720000",
        "db": "NVD",
        "id": "CVE-2017-3775"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Lenovo System Product  BIOS Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004888"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-184"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3775 (GCVE-0-2017-3775)

CNVD-2018-09190

FKIE_CVE-2017-3775

GHSA-M3R2-464W-G5X4

GSD-2017-3775

VAR-201805-0171

Tags

Sightings

Nomenclature