cvelistv5 - CVE-2017-3762

CVE-2017-3762 (GCVE-0-2017-3762)

Vulnerability from cvelistv5

Published

2018-01-26 01:00

Modified

2024-09-16 16:24

Severity ?

CWE

Privilege Escalation

Summary

References

URL

Tags

psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/3
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/4
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/5
psirt@lenovo.com	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Lenovo Group Ltd.	Lenovo Fingerprint Manager Pro	Version: Earlier than 8.01.87

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/product_security/LEN-15999"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lenovo Fingerprint Manager Pro",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Earlier than 8.01.87"
            }
          ]
        }
      ],
      "datePublic": "2018-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-08T14:06:18",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "name": "102837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/product_security/LEN-15999"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2018-01-25T00:00:00",
          "ID": "CVE-2017-3762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Lenovo Fingerprint Manager Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Earlier than 8.01.87"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102837"
            },
            {
              "name": "https://support.lenovo.com/product_security/LEN-15999",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/product_security/LEN-15999"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3762",
    "datePublished": "2018-01-26T01:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:24:14.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3762\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2018-01-26T01:29:00.203\",\"lastModified\":\"2024-11-21T03:26:05.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.\"},{\"lang\":\"es\",\"value\":\"Los datos sensibles almacenados por Lenovo Fingerprint Manager Pro, en su versi\u00f3n 8.01.86 y anteriores, incluyendo las credenciales de inicio de sesi\u00f3n en Windows y los datos de huella digital de los usuarios, se cifran mediante un algoritmo d\u00e9bil, contienen una contrase\u00f1a embebida y son accesibles a todos los usuarios con acceso local no administrativo al sistema en el que est\u00e1 instalado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.01.86\",\"matchCriteriaId\":\"4CB543BA-B73D-4C33-BF7E-54531398DF05\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D229E41-A971-4284-9657-16D78414B93F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/3\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/4\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/5\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.securityfocus.com/bid/102837\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/product_security/LEN-15999\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/102837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/product_security/LEN-15999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

gsd-2017-3762

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-3762

Aliases

CVE-2017-3762

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3762",
    "description": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
    "id": "GSD-2017-3762"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3762"
      ],
      "details": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
      "id": "GSD-2017-3762",
      "modified": "2023-12-13T01:21:16.770032Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2018-01-25T00:00:00",
        "ID": "CVE-2017-3762",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo Fingerprint Manager Pro",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Earlier than 8.01.87"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102837",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102837"
          },
          {
            "name": "https://support.lenovo.com/product_security/LEN-15999",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/product_security/LEN-15999"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.01.86",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2017-3762"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/product_security/LEN-15999",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/product_security/LEN-15999"
            },
            {
              "name": "102837",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/102837"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-08T15:29Z",
      "publishedDate": "2018-01-26T01:29Z"
    }
  }
}

cnvd-2018-04363

Vulnerability from cnvd

Title

多款Lenovo产品Fingerprint Manager Pro硬编码密码

Description

Lenovo ThinkPad L560等都是中国联想（Lenovo）公司的电脑产品。Fingerprint Manager Pro是其中的一款指纹识别传感器驱动程序。多款Lenovo产品中的Fingerprint Manager Pro 8.01.86及之前的版本存在安全漏洞，该漏洞源于敏感数据使用了较弱的加密算法进行加密，并包含有硬编码密码。攻击者可利用该漏洞访问系统。

Severity

高

Patch Name

多款Lenovo产品Fingerprint Manager Pro硬编码密码的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/zh/product_security/len-15999

Reference

https://support.lenovo.com/us/zh/product_security/len-15999 http://www.securityfocus.com/bid/102837

Impacted products

Name
Lenovo Fingerprint Manager Pro <=8.01.86

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102837"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3762"
    }
  },
  "description": "Lenovo ThinkPad L560\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7535\u8111\u4ea7\u54c1\u3002Fingerprint Manager Pro\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u6307\u7eb9\u8bc6\u522b\u4f20\u611f\u5668\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u4e2d\u7684Fingerprint Manager Pro 8.01.86\u53ca\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u654f\u611f\u6570\u636e\u4f7f\u7528\u4e86\u8f83\u5f31\u7684\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u52a0\u5bc6\uff0c\u5e76\u5305\u542b\u6709\u786c\u7f16\u7801\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u3002",
  "discovererName": "Jackson Thuraisamy from Security Compass",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/len-15999",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04363",
  "openTime": "2018-03-06",
  "patchDescription": "Lenovo ThinkPad L560\u7b49\u90fd\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u7535\u8111\u4ea7\u54c1\u3002Fingerprint Manager Pro\u662f\u5176\u4e2d\u7684\u4e00\u6b3e\u6307\u7eb9\u8bc6\u522b\u4f20\u611f\u5668\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eLenovo\u4ea7\u54c1\u4e2d\u7684Fingerprint Manager Pro 8.01.86\u53ca\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u654f\u611f\u6570\u636e\u4f7f\u7528\u4e86\u8f83\u5f31\u7684\u52a0\u5bc6\u7b97\u6cd5\u8fdb\u884c\u52a0\u5bc6\uff0c\u5e76\u5305\u542b\u6709\u786c\u7f16\u7801\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eLenovo\u4ea7\u54c1Fingerprint Manager Pro\u786c\u7f16\u7801\u5bc6\u7801\u7684\u8865\u4e01",
  "products": {
    "product": "Lenovo Fingerprint Manager Pro \u003c=8.01.86"
  },
  "referenceLink": "https://support.lenovo.com/us/zh/product_security/len-15999\r\nhttp://www.securityfocus.com/bid/102837",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-26",
  "title": "\u591a\u6b3eLenovo\u4ea7\u54c1Fingerprint Manager Pro\u786c\u7f16\u7801\u5bc6\u7801"
}

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. A local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. Versions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0502",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fingerprint manager pro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "8.01.86"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "\u003c=8.01.86"
      },
      {
        "model": "thinkpad carbon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x10"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "8.01.86"
      },
      {
        "model": "thinkstation p900",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation e32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "4600"
      },
      {
        "model": "thinkpad yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "140"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2600"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2500"
      },
      {
        "model": "thinkpad x240s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2400"
      },
      {
        "model": "thinkpad w550s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad w541",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad w540",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t550",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t540p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t450s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t450",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad p50s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad p40 yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad l560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m93p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m9350z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m93",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m83",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m79",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m78",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m73z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m73",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.57"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.42"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.41"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.35"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.26"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.18"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.11"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.7"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.5"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.0.47"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.87"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:fingerprint_manager_pro",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jackson Thuraisamy from Security Compass",
    "sources": [
      {
        "db": "BID",
        "id": "102837"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3762",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-3762",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-04363",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-111965",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-3762",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3762",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3762",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04363",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-1044",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111965",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. \nA local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. \nVersions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3762",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102837",
        "trust": 2.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-15999",
        "trust": 2.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/5",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/4",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "id": "VAR-201801-0502",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      }
    ],
    "trust": 1.08888891
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:02:14.154000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-15999",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/len-15999"
      },
      {
        "title": "Patches for hardcoded passwords for several Lenovo products FingerprintManagerPro",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/120257"
      },
      {
        "title": "Multiple Lenovo product Fingerprint Manager Pro Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78140"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/102837"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/product_security/len-15999"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3762"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3762"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/zh/product_security/len-15999"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/us/en/product_security/len-15999"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "date": "2018-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102837"
      },
      {
        "date": "2018-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "date": "2018-01-26T01:29:00.203000",
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "date": "2019-05-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102837"
      },
      {
        "date": "2018-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      },
      {
        "date": "2024-11-21T03:26:05.500000",
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo Fingerprint Manager Pro Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ],
    "trust": 0.6
  }
}

ghsa-4pq3-x47m-6w2q

Vulnerability from github

Published

2022-05-14 01:05

Modified

2022-05-14 01:05

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-26T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
  "id": "GHSA-4pq3-x47m-6w2q",
  "modified": "2022-05-14T01:05:26Z",
  "published": "2022-05-14T01:05:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3762"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2017-3762

Vulnerability from fkie_nvd

Published

2018-01-26 01:29

Modified

2024-11-21 03:26

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/3
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/4
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/5
psirt@lenovo.com	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	fingerprint_manager_pro	*
microsoft	windows_7	-
microsoft	windows_8	-
microsoft	windows_8.1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB543BA-B73D-4C33-BF7E-54531398DF05",
              "versionEndIncluding": "8.01.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
    },
    {
      "lang": "es",
      "value": "Los datos sensibles almacenados por Lenovo Fingerprint Manager Pro, en su versi\u00f3n 8.01.86 y anteriores, incluyendo las credenciales de inicio de sesi\u00f3n en Windows y los datos de huella digital de los usuarios, se cifran mediante un algoritmo d\u00e9bil, contienen una contrase\u00f1a embebida y son accesibles a todos los usuarios con acceso local no administrativo al sistema en el que est\u00e1 instalado."
    }
  ],
  "id": "CVE-2017-3762",
  "lastModified": "2024-11-21T03:26:05.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T01:29:00.203",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102837"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-3762 (GCVE-0-2017-3762)

Vulnerability from cvelistv5

gsd-2017-3762

Vulnerability from gsd

cnvd-2018-04363

Vulnerability from cnvd

var-201801-0502

Vulnerability from variot

ghsa-4pq3-x47m-6w2q

Vulnerability from github

fkie_cve-2017-3762

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature