Vulnerability CVE-2017-3753


Published: 2017-08-09   Modified: 2017-08-10

Description:
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Lenovo -> Thinkserver ts450 firmware 
Lenovo -> Thinkcentre m700z firmware 
Lenovo -> Thinkcentre m900z firmware 
Lenovo -> Thinkcentre m9550z firmware 
Lenovo -> S500 firmware 
Lenovo -> Thinkcentre m715q firmware 
Lenovo -> Thinkcentre m9500z firmware 
Lenovo -> Thinkstation p910 firmware 
Lenovo -> Thinkcentre m700 firmware 
Lenovo -> 63 firmware 
Lenovo -> Yangtian s3040 firmware 
Lenovo -> Ideacentre 300-20ish firmware 
Lenovo -> Thinkstation s30 (4352) firmware 
Lenovo -> Thinkcentre m8300z firmware 
Lenovo -> Thinkstation c30 (1136) firmware 
Lenovo -> Thinkcentre m93 firmware 
Lenovo -> Thinkcentre m79 firmware 
Lenovo -> Thinkcentre m72e firmware 
Lenovo -> Yangtian afh81 firmware 
Lenovo -> Thinkcentre m93p firmware 
Lenovo -> Yangtian me/we h110 firmware 
Lenovo -> Thinkstation p500 firmware 
Lenovo -> Thinkcentre x1 aio firmware 
Lenovo -> Yangtian s800 firmware 
Lenovo -> Thinkcentre m600 firmware 
Lenovo -> Thinkstation e32 firmware 
Lenovo -> Thinkstation p310 firmware 
Lenovo -> Thinkcentre m73 firmware 
Lenovo -> Yangtian mc godavari firmware 
Lenovo -> M4500 id firmware 
Lenovo -> Thinkcentre m8600t/s firmware 
Lenovo -> Thinkcentre m800 firmware 
Lenovo -> Thinkserver rd640 firmware 
Lenovo -> Thinkcentre e74s firmware 
Lenovo -> Thinkcentre m910q firmware 
Lenovo -> Thinkcentre m83z (aio) firmware 
Lenovo -> Thinkserver ts150 firmware 
Lenovo -> Thinkcentre e75 t/s firmware 
Lenovo -> Thinkcentre e79 firmware 
Lenovo -> Thinkcentre m910x firmware 
Lenovo -> Thinkserver rd540 firmware 
Lenovo -> Thinkstation p700 firmware 
Lenovo -> Yangtian mc h110 firmware 
Lenovo -> Thinkcentre e74 firmware 
Lenovo -> Ideacentre 300s-11ish firmware 
Lenovo -> Thinkstation p300 firmware 
Lenovo -> Thinkcentre m92p firmware 
Lenovo -> Thinkcentre m8500t/s firmware 
Lenovo -> Yangtian afq150 firmware 
Lenovo -> Thinkcentre m92 firmware 
Lenovo -> M4500 firmware 
Lenovo -> Thinkcentre m900 firmware 
Lenovo -> Thinkcentre m6600 firmware 
Lenovo -> Thinkcentre m910t/s firmware 
Lenovo -> Thinkstation p320 firmware 
Lenovo -> Thinkserver rd440 firmware 
Lenovo -> Thinkcentre m8250z firmware 
Lenovo -> Thinkcentre m4500k firmware 
Lenovo -> Thinkcentre m800z firmware 
Lenovo -> Thinkstation p510 firmware 
Lenovo -> Thinkstation c30 (1137) firmware 
Lenovo -> Thinkstation p710 firmware 
Lenovo -> Thinkstation p900 firmware 
Lenovo -> Thinkserver rd340 firmware 
Lenovo -> S200z firmware 
Lenovo -> Thinkcentre m710t/s firmware 
Lenovo -> Thinkserver td340 firmware 
Lenovo -> Thinkcentre e73 firmware 
Lenovo -> Yangtian afh110 firmware 
Lenovo -> Thinkstation e31 firmware 
Lenovo -> Thinkstation d30 (4354) firmware 
Lenovo -> Ideacentre 510s-08ish firmware 
Lenovo -> Thinkstation s30 (4351) firmware 
Lenovo -> Thinkcentre e73s firmware 
Lenovo -> Ideacentre 510s-23isu firmware 
Lenovo -> Thinkcentre m7250z firmware 
Lenovo -> Yangtian mf/wf h81 firmware 
Lenovo -> V320-15iap firmware 
Lenovo -> Thinkcentre m8350z firmware 
Lenovo -> Thinkcentre m6500t/s firmware 
Lenovo -> Thinkcentre m4600t/s firmware 
Lenovo -> Thinkstation p410 firmware 
Lenovo -> Thinkserver ts250 firmware 
Lenovo -> Thinkcentre m7200z firmware 
Lenovo -> Thinkcentre m73z (aio) firmware 
Lenovo -> H50-30g firmware 
Lenovo -> Thinkstation d30 (4353) firmware 
Lenovo -> Thinkcentre m73p firmware 
Lenovo -> Thinkcentre m610 firmware 
Lenovo -> Thinkserver ts550 firmware 
Lenovo -> Thinkserver rq750 firmware 
Lenovo -> Thinkcentre m6600q firmware 
Lenovo -> Thinkcentre m4500t/s firmware 
Lenovo -> Thinkcentre m7300z firmware 
Lenovo -> M4550 id firmware 
Lenovo -> Thinkcentre m83 firmware 
Lenovo -> Thinkcentre m4500q firmware 
Lenovo -> Ideacentre 700 firmware 
Lenovo -> Thinkcentre e73z (aio) firmware 
Lenovo -> Thinkcentre edge 62z firmware 

 References:
https://support.lenovo.com/us/en/product_security/LEN-14695

Copyright 2021, cxsecurity.com

 

Back to Top