| |
Vulnerability CVE-2017-3761
Published: 2017-10-17 Modified: 2017-10-18
| Description: |
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. |
Type:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://support.lenovo.com/us/en/product_security/LEN-15374
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
