var-201707-0276
Vulnerability from variot
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. Part of Lenovo Of brand notebook products BIOS Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 320-17AST, etc. are all computer products of China Lenovo (Lenovo). BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following versions are affected: Lenovo 320-17AST; 710s-13IKB/XiaoXin Air 13IKB; 710S-13ISK/XiaoXin Air 13; K21-80; K22-80/Lenovo V720-12; K41-80; ideapad 110-14AST; ideapad 110 -15AST; ideapad 320-14AST; ideapad 320-15AST; XiaoXin Rui7000; MIIX 710-12IKB; MIIX 720-12IKB; Rescuer E520-15IKB; V110-14IAP; 11 IKB
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0276", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bios", "scope": "eq", "trust": 1.6, "vendor": "lenovo", "version": null }, { "model": "bios", "scope": null, "trust": 0.8, "vendor": "lenovo", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:lenovo:bios", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006969" } ] }, "cve": "CVE-2017-3754", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2017-3754", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-111957", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "id": "CVE-2017-3754", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-3754", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-3754", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201707-651", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-111957", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-111957" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. Part of Lenovo Of brand notebook products BIOS Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 320-17AST, etc. are all computer products of China Lenovo (Lenovo). BIOS is one of the basic input input systems. There are security vulnerabilities in the BIOS of several Lenovo products. The following versions are affected: Lenovo 320-17AST; 710s-13IKB/XiaoXin Air 13IKB; 710S-13ISK/XiaoXin Air 13; K21-80; K22-80/Lenovo V720-12; K41-80; ideapad 110-14AST; ideapad 110 -15AST; ideapad 320-14AST; ideapad 320-15AST; XiaoXin Rui7000; MIIX 710-12IKB; MIIX 720-12IKB; Rescuer E520-15IKB; V110-14IAP; 11 IKB", "sources": [ { "db": "NVD", "id": "CVE-2017-3754" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "VULHUB", "id": "VHN-111957" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-3754", "trust": 2.5 }, { "db": "LENOVO", "id": "LEN-15084", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2017-006969", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-651", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-111957", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-111957" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "id": "VAR-201707-0276", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-111957" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:01:03.345000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "LEN-15084", "trust": 0.8, "url": "https://support.lenovo.com/jp/ja/product_security/len-15084" }, { "title": "Multiple Lenovo product BIOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75597" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-254", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-111957" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.lenovo.com/us/en/product_security/len-15084" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3754" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3754" } ], "sources": [ { "db": "VULHUB", "id": "VHN-111957" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-111957" }, { "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "db": "CNNVD", "id": "CNNVD-201707-651" }, { "db": "NVD", "id": "CVE-2017-3754" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-17T00:00:00", "db": "VULHUB", "id": "VHN-111957" }, { "date": "2017-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "date": "2017-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-651" }, { "date": "2017-07-17T19:29:00.323000", "db": "NVD", "id": "CVE-2017-3754" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-10-03T00:00:00", "db": "VULHUB", "id": "VHN-111957" }, { "date": "2017-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-006969" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-651" }, { "date": "2024-11-21T03:26:04.527000", "db": "NVD", "id": "CVE-2017-3754" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-651" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Part of Lenovo Of brand notebook products BIOS Vulnerabilities related to security functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-006969" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-651" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.