VAR-201706-0360
Vulnerability from variot - Updated: 2025-04-20 23:29
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. The Lenovo Security Android application on Lenovo VIBE cell phones has vulnerabilities related to authorization, permissions, and access control. When exploited together with CVE-2017-3748 and CVE-2017-3749, information may be obtained or tampered with, and service operation may be disrupted (DoS). Android 6.0 Marshmallow is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). The Lenovo A2010-a and others are Lenovo smartphone products using the Android 6.0 Marshmallow operating system. A permission access vulnerability exists in several Lenovo VIBE phones using versions prior to Android 6.0 Marshmallow, which stems from the Lenovo Security Android app allowing backup and storage of private data via Android Debug Bridge. An attacker could exploit the vulnerability to gain elevated privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "vibe a1600",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a2560",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a2800",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a2860",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a2880",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3000",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3500",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3600-d",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3600u",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3800-d",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a3900",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a6000",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a6000-i",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a6020i37",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a6600",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe a6800",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe k30-e",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe k30-w-cu",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe k32c30",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "vibe k80m",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "5.1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
}
]
},
"cve": "CVE-2017-3750",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2017-3750",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-14024",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2017-3750",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3750",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3750",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-14024",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1219",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-3750",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. Lenovo VIBE cell phone\u0027s Lenovo Security Android Applications have vulnerabilities related to authorization, permissions, and access control.CVE-2017-3748 and CVE-2017-3749 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. Android6.0Marshmallow is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). LenovoA2010-a, etc. are all Lenovo\u0027s smartphone products using the Android6.0 Marshmallow operating system. A Permission Access Vulnerability exists in several LenovoVIBE phones using versions prior to Android6.0 Marshmallow, which stems from the LenovoSecurityAndroid app allowing backup and storage of private data via AndroidDebugBridge. An attacker could exploit the vulnerability to gain elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3750",
"trust": 3.1
},
{
"db": "LENOVO",
"id": "LEN-15823",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-14024",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-3750",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"id": "VAR-201706-0360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
}
]
},
"last_update_date": "2025-04-20T23:29:41.227000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.android.com/intl/ja_jp/phones/"
},
{
"title": "VIBE Series",
"trust": 0.8,
"url": "http://www3.lenovo.com/in/en/smartphones/smartphone-vibe-series/c/smartphone-vibe-series"
},
{
"title": "Patches for several LenovoVIBE mobile rights access vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97884"
},
{
"title": "Multiple Lenovo VIBE Fixes for mobile rights permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71357"
},
{
"title": "Fireeye Threat Research",
"trust": 0.2,
"url": "https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.lenovo.com/us/en/product_security/len-15823"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3750"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3750"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"date": "2017-06-29T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"date": "2017-06-29T15:29:00.253000",
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14024"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3750"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005177"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1219"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3750"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo VIBE cell phone\u0027s Lenovo Security Android Vulnerabilities related to authorization, authority, and access control in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005177"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1219"
}
],
"trust": 0.6
}
}