CVE-2017-3753

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Related CPE's

olenovoideacentre_300-20ish_firmware-*******

hlenovoideacentre_300-20ish-*******

olenovoideacentre_300s-11ish_firmware-*******

hlenovoideacentre_300s-11ish-*******

olenovoideacentre_510s-08ish_firmware-*******

hlenovoideacentre_510s-08ish-*******

olenovoideacentre_700_firmware-*******

hlenovoideacentre_700-*******

olenovo63_firmwarefckt78a*******

hlenovo63-*******

References

https://support.lenovo.com/us/en/product_security/LEN-14695

MitigationVendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

PHYSICAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

6.8

VectorString

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

7.199999809265137

Created by Yello
About Severity.io