Details of VAR-201706-0352

ID

VAR-201706-0352

CVE

CVE-2017-3740

TITLE

Lenovo Active Protection System Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-004695

DESCRIPTION

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. Lenovo Active Protection System Contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. LenovoThinkpad is a portable computer under the Lenovo China company. ActiveProtectionSystem is an autonomous feature that protects the hard drive from damage caused by strong physical shock and vibration. A privilege elevation vulnerability exists in versions of ActiveProtectionSystem prior to 1.82.0.14 in Lenovo Thinkpad

Trust: 2.25

sources: NVD: CVE-2017-3740 // JVNDB: JVNDB-2017-004695 // CNVD: CNVD-2017-08613 // VULHUB: VHN-111943

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-08613

AFFECTED PRODUCTS

vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.63	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.73	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.82.0.10	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.74	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.70	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.71	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.82.0.07	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.72	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.75	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.80.11.00	Trust: 1.6
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.62	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.21	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.32	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.20	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.26	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.82.0.06	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.53	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.82.0.03	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.40	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.33b	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.61	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.9	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.23	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.78.0.11	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.80.8.00	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.5	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.52	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.81.0.08	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.8	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.7	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.78.0.10	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.76	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.79.0.03	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.00b	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.54	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.41	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.64	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.22	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.30b	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.01b	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.31	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.80.3.00	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.80.1.00	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.51	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.34	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.77.0.11	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.20b	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.78.0.09	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	eq	version:	1.50	Trust: 1.0
vendor:	lenovo	model:	active protection system	scope:	lt	version:	1.82.0.14	Trust: 0.8
vendor:	lenovo	model:	thinkpad active protection system	scope:	lte	version:	<=1.82.0.14	Trust: 0.6

sources: CNVD: CNVD-2017-08613 // JVNDB: JVNDB-2017-004695 // CNNVD: CNNVD-201706-089 // NVD: CVE-2017-3740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3740
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3740
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-08613
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201706-089
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-111943
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3740
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-08613
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-111943
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3740
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-08613 // VULHUB: VHN-111943 // JVNDB: JVNDB-2017-004695 // CNNVD: CNNVD-201706-089 // NVD: CVE-2017-3740

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-111943 // JVNDB: JVNDB-2017-004695 // NVD: CVE-2017-3740

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201706-089

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201706-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004695

PATCH

title:	LEN-13637	url:	https://support.lenovo.com/us/en/product_security/LEN-13637	Trust: 0.8
title:	LenovoThinkpadActiveProtectionSystem privilege escalation vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/94931	Trust: 0.6
title:	Lenovo Thinkpad Active Protection System Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70750	Trust: 0.6

sources: CNVD: CNVD-2017-08613 // JVNDB: JVNDB-2017-004695 // CNNVD: CNNVD-201706-089

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3740	Trust: 3.1
db:	LENOVO	id:	LEN-13637	Trust: 2.3
db:	JVNDB	id:	JVNDB-2017-004695	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-089	Trust: 0.7
db:	CNVD	id:	CNVD-2017-08613	Trust: 0.6
db:	VULHUB	id:	VHN-111943	Trust: 0.1

sources: CNVD: CNVD-2017-08613 // VULHUB: VHN-111943 // JVNDB: JVNDB-2017-004695 // CNNVD: CNNVD-201706-089 // NVD: CVE-2017-3740

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-13637	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3740	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3740	Trust: 0.8
url:	https://support.lenovo.com/us/zh/product_security/len-13637	Trust: 0.6

sources: CNVD: CNVD-2017-08613 // VULHUB: VHN-111943 // JVNDB: JVNDB-2017-004695 // CNNVD: CNNVD-201706-089 // NVD: CVE-2017-3740

SOURCES

db:	CNVD	id:	CNVD-2017-08613
db:	VULHUB	id:	VHN-111943
db:	JVNDB	id:	JVNDB-2017-004695
db:	CNNVD	id:	CNNVD-201706-089
db:	NVD	id:	CVE-2017-3740

LAST UPDATE DATE

2025-04-20T23:37:55.339000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-08613	date:	2017-06-07T00:00:00
db:	VULHUB	id:	VHN-111943	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-004695	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-089	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3740	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-08613	date:	2017-06-07T00:00:00
db:	VULHUB	id:	VHN-111943	date:	2017-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-004695	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-089	date:	2017-06-05T00:00:00
db:	NVD	id:	CVE-2017-3740	date:	2017-06-04T21:29:00.357