VAR-201706-0354
Vulnerability from variot - Updated: 2025-04-20 23:19If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. Lenovo ToolsCenter Advanced Settings Utility (ASU) , UpdateXpress System Pack Installer (UXSPI) Or Dynamic System Analysis (DSA) Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities exist in several Lenovo products. A local attacker can exploit this vulnerability to obtain user IDs and plaintext passwords
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "toolscenter dynamic system analysis",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "10.2"
},
{
"model": "updatexpress system pack installer",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "10.2"
},
{
"model": "advanced settings utility",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "10.1"
},
{
"model": "advanced settings utility",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "dynamic system analysis",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "updatexpress system packs installer",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "updatexpress system pack installer",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "10.2"
},
{
"model": "toolscenter dynamic system analysis",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "10.2"
},
{
"model": "advanced settings utility",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "10.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:advanced_settings_utility",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:lenovo:toolscenter_dynamic_system_analysis",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:lenovo:updatexpress_system_pack_installer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
}
]
},
"cve": "CVE-2017-3743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2017-3743",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-111946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2017-3743",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3743",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-3743",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-792",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-111946",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111946"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. Lenovo ToolsCenter Advanced Settings Utility (ASU) , UpdateXpress System Pack Installer (UXSPI) Or Dynamic System Analysis (DSA) Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities exist in several Lenovo products. A local attacker can exploit this vulnerability to obtain user IDs and plaintext passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "VULHUB",
"id": "VHN-111946"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3743",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-10810",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111946",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111946"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"id": "VAR-201706-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111946"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:19:56.495000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-10810",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-10810"
},
{
"title": "Multiple Lenovo Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71254"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111946"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-10810"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3743"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3743"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111946"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111946"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111946"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"date": "2017-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"date": "2017-06-20T00:29:00.297000",
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-111946"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005066"
},
{
"date": "2017-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-792"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo ToolsCenter Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005066"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-792"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…