ID

VAR-201706-0357


CVE

CVE-2017-3747


TITLE

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on desktop systems

Trust: 0.8

sources: JVNDB: JVNDB-2017-005178

DESCRIPTION

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys. Lenovo Y900 and other Lenovo models are Lenovo's notebook products. Nerve Center for Windows 10 is computer performance control software for Windows 10 systems. There is a local privilege elevation vulnerability in Lenovo Nerve Center. An attacker could use this vulnerability to change a registry key.

Trust: 2.52

sources: NVD: CVE-2017-3747 // JVNDB: JVNDB-2017-005178 // CNVD: CNVD-2017-14022 // BID: 99286 // VULHUB: VHN-111950

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-14022

AFFECTED PRODUCTS

vendor: lenovo, model: nerve center, scope: eq, version: -

Trust: 1.6

vendor: lenovo, model: nerve center, scope: -, version: -

Trust: 1.4

vendor: microsoft, model: windows, scope: eq, version: 10

Trust: 0.6

vendor: lenovo, model: nerve center y910, scope: -, version: -

Trust: 0.3

vendor: lenovo, model: nerve center y900 re, scope: -, version: -

Trust: 0.3

vendor: lenovo, model: nerve center y900, scope: -, version: -

Trust: 0.3

vendor: lenovo, model: nerve center y720cube, scope: -, version: -

Trust: 0.3

vendor: lenovo, model: nerve center y710cube, scope: -, version: -

Trust: 0.3

vendor: lenovo, model: nerve center y700, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2017-14022 // BID: 99286 // JVNDB: JVNDB-2017-005178 // CNNVD: CNNVD-201706-1179 // NVD: CVE-2017-3747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3747
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3747
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-14022
value: LOW

Trust: 0.6

CNNVD: CNNVD-201706-1179
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111950
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-3747
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-14022
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111950
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3747
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-14022 // VULHUB: VHN-111950 // JVNDB: JVNDB-2017-005178 // CNNVD: CNNVD-201706-1179 // NVD: CVE-2017-3747

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-111950 // JVNDB: JVNDB-2017-005178 // NVD: CVE-2017-3747

THREAT TYPE

local

Trust: 0.9

sources: BID: 99286 // CNNVD: CNNVD-201706-1179

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201706-1179

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005178

PATCH

title: LEN-15046, url: https://support.lenovo.com/jp/ja/product_security/len-15046

Trust: 0.8

title: Patch for LenovoNerveCenter Local Privilege Escalation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/97889

Trust: 0.6

title: Multiple Lenovo product Nerve Center for Windows 10 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71343

Trust: 0.6

sources: CNVD: CNVD-2017-14022 // JVNDB: JVNDB-2017-005178 // CNNVD: CNNVD-201706-1179

EXTERNAL IDS

db: NVD, id: CVE-2017-3747

Trust: 3.4

db: BID, id: 99286

Trust: 2.6

db: LENOVO, id: LEN-15046

Trust: 2.0

db: JVNDB, id: JVNDB-2017-005178

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1179

Trust: 0.7

db: CNVD, id: CNVD-2017-14022

Trust: 0.6

db: VULHUB, id: VHN-111950

Trust: 0.1

sources: CNVD: CNVD-2017-14022 // VULHUB: VHN-111950 // BID: 99286 // JVNDB: JVNDB-2017-005178 // CNNVD: CNNVD-201706-1179 // NVD: CVE-2017-3747

REFERENCES

url: http://www.securityfocus.com/bid/99286

Trust: 2.3

url: https://support.lenovo.com/us/en/product_security/len-15046

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3747

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-3747

Trust: 0.8

url: http://www.lenovo.com/ca/en/

Trust: 0.3

sources: CNVD: CNVD-2017-14022 // VULHUB: VHN-111950 // BID: 99286 // JVNDB: JVNDB-2017-005178 // CNNVD: CNNVD-201706-1179 // NVD: CVE-2017-3747

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 99286

SOURCES

db: CNVD, id: CNVD-2017-14022
db: VULHUB, id: VHN-111950
db: BID, id: 99286
db: JVNDB, id: JVNDB-2017-005178
db: CNNVD, id: CNNVD-201706-1179
db: NVD, id: CVE-2017-3747

LAST UPDATE DATE

2025-04-20T23:25:01.055000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-14022, date: 2017-07-12T00:00:00
db: VULHUB, id: VHN-111950, date: 2019-10-03T00:00:00
db: BID, id: 99286, date: 2017-06-22T00:00:00
db: JVNDB, id: JVNDB-2017-005178, date: 2017-07-20T00:00:00
db: CNNVD, id: CNNVD-201706-1179, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-3747, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-14022, date: 2017-07-12T00:00:00
db: VULHUB, id: VHN-111950, date: 2017-06-29T00:00:00
db: BID, id: 99286, date: 2017-06-22T00:00:00
db: JVNDB, id: JVNDB-2017-005178, date: 2017-07-20T00:00:00
db: CNNVD, id: CNNVD-201706-1179, date: 2017-06-29T00:00:00
db: NVD, id: CVE-2017-3747, date: 2017-06-29T15:29:00.160