CVE-2017-3753

CWE-94 — Code Injection4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.0%

top 86.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Group Ltd. Desktop AND Notebook Bios Lenovo 63 Firmware Lenovo H50-30g Firmware +86 more

Timeline

PublishedAug 10

Latest updateMay 17

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages89 packages

▶CVEListV5lenovo_group_ltd./desktop_and_notebook_biosvarious

▶NVDlenovo/63_firmwarefckt78a

▶NVDlenovo/s500_firmwarem0kkt24a

▶NVDlenovo/m4500_firmwarefckt78a

▶NVDlenovo/s200z_firmwarem09kt33a

🔴Vulnerability Details

GHSA

GHSA-97c7-jg3h-5vf5: A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc↗2022-05-17

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2018-08-24

▶

CVEList

CVE-2017-3753: A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc↗2017-08-10

▶