CVE-2017-3753: A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability…

medium6.8CVSS 3.0

AVPACLPRNUINSUCHIHAH

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Affected

86 ranges· showing 25

Vendor	Product	Version range	Fixed in
lenovo	63_firmware	—	—
lenovo	h50-30g_firmware	—	—
lenovo	ideacentre_510s-23isu_firmware	—	—
lenovo	m4500_firmware	—	—
lenovo	m4500_id_firmware	—	—
lenovo	m4550_id_firmware	—	—
lenovo	s200z_firmware	—	—
lenovo	s500_firmware	—	—
lenovo	thinkcentre_e73_firmware	—	—
lenovo	thinkcentre_e73s_firmware	—	—
lenovo	thinkcentre_e73z_firmware	—	—
lenovo	thinkcentre_e74_firmware	—	—
lenovo	thinkcentre_e74s_firmware	—	—
lenovo	thinkcentre_e74z_firmware	—	—
lenovo	thinkcentre_e79_firmware	—	—
lenovo	thinkcentre_e93_firmware	—	—
lenovo	thinkcentre_e93z_firmware	—	—
lenovo	thinkcentre_edge_62z_firmware	—	—
lenovo	thinkcentre_m4500k_firmware	—	—
lenovo	thinkcentre_m4500q_firmware	—	—
lenovo	thinkcentre_m4500t_s_firmware	—	—
lenovo	thinkcentre_m4600t_s_firmware	—	—
lenovo	thinkcentre_m600_firmware	—	—
lenovo	thinkcentre_m6500t_s_firmware	—	—
lenovo	thinkcentre_m6600_firmware	—	—

CVSS provenance

nvdv3.06.8MEDIUMCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH