ID

VAR-201706-0354


CVE

CVE-2017-3743


TITLE

Information disclosure vulnerability in Lenovo ToolsCenter products

Trust: 0.8

sources: JVNDB: JVNDB-2017-005066

DESCRIPTION

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing. Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Security vulnerabilities exist in several Lenovo products. A local attacker can exploit this vulnerability to obtain user IDs and plaintext passwords.

Trust: 1.71

sources: NVD: CVE-2017-3743 // JVNDB: JVNDB-2017-005066 // VULHUB: VHN-111946

AFFECTED PRODUCTS

vendor: lenovo, model: toolscenter dynamic system analysis, scope: lte, version: 10.2

Trust: 1.0

vendor: lenovo, model: updatexpress system pack installer, scope: lte, version: 10.2

Trust: 1.0

vendor: lenovo, model: advanced settings utility, scope: lte, version: 10.1

Trust: 1.0

vendor: lenovo, model: advanced settings utility, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: dynamic system analysis, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: updatexpress system packs installer, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: updatexpress system pack installer, scope: eq, version: 10.2

Trust: 0.6

vendor: lenovo, model: toolscenter dynamic system analysis, scope: eq, version: 10.2

Trust: 0.6

vendor: lenovo, model: advanced settings utility, scope: eq, version: 10.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-005066 // CNNVD: CNNVD-201706-792 // NVD: CVE-2017-3743

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-3743
value: HIGH

Trust: 1.0

NVD: CVE-2017-3743
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-792
value: LOW

Trust: 0.6

VULHUB: VHN-111946
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-3743
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111946
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-3743
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111946 // JVNDB: JVNDB-2017-005066 // CNNVD: CNNVD-201706-792 // NVD: CVE-2017-3743

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-111946 // JVNDB: JVNDB-2017-005066 // NVD: CVE-2017-3743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-792

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-792

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005066

PATCH

title: LEN-10810, url: https://support.lenovo.com/jp/ja/product_security/len-10810

Trust: 0.8

title: Multiple Lenovo Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71254

Trust: 0.6

sources: JVNDB: JVNDB-2017-005066 // CNNVD: CNNVD-201706-792

EXTERNAL IDS

db: NVD, id: CVE-2017-3743

Trust: 2.5

db: LENOVO, id: LEN-10810

Trust: 1.7

db: JVNDB, id: JVNDB-2017-005066

Trust: 0.8

db: CNNVD, id: CNNVD-201706-792

Trust: 0.7

db: VULHUB, id: VHN-111946

Trust: 0.1

sources: VULHUB: VHN-111946 // JVNDB: JVNDB-2017-005066 // CNNVD: CNNVD-201706-792 // NVD: CVE-2017-3743

REFERENCES

url: https://support.lenovo.com/us/en/product_security/len-10810

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3743

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3743

Trust: 0.8

sources: VULHUB: VHN-111946 // JVNDB: JVNDB-2017-005066 // CNNVD: CNNVD-201706-792 // NVD: CVE-2017-3743

SOURCES

db: VULHUB, id: VHN-111946
db: JVNDB, id: JVNDB-2017-005066
db: CNNVD, id: CNNVD-201706-792
db: NVD, id: CVE-2017-3743

LAST UPDATE DATE

2025-04-20T23:19:56.495000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-111946, date: 2017-06-30T00:00:00
db: JVNDB, id: JVNDB-2017-005066, date: 2017-07-13T00:00:00
db: CNNVD, id: CNNVD-201706-792, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-3743, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-111946, date: 2017-06-20T00:00:00
db: JVNDB, id: JVNDB-2017-005066, date: 2017-07-13T00:00:00
db: CNNVD, id: CNNVD-201706-792, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-3743, date: 2017-06-20T00:29:00.297