Sign-up

ID

VAR-201706-0360


CVE

CVE-2017-3750


TITLE

Lenovo VIBE cell phone's Lenovo Security Android Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-005177

DESCRIPTION

On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. Lenovo VIBE cell phone's Lenovo Security Android Applications have vulnerabilities related to authorization, permissions, and access control.CVE-2017-3748 and CVE-2017-3749 Information is obtained, information is tampered with, and service operation is disrupted by exploiting it together with vulnerabilities (DoS) There is a possibility of being put into a state. Android6.0Marshmallow is a Linux-based open source operating system jointly developed by Google and the Open Handheld Device Alliance (OHA). LenovoA2010-a, etc. are all Lenovo's smartphone products using the Android6.0 Marshmallow operating system. A Permission Access Vulnerability exists in several LenovoVIBE phones using versions prior to Android6.0 Marshmallow, which stems from the LenovoSecurityAndroid app allowing backup and storage of private data via AndroidDebugBridge. An attacker could exploit the vulnerability to gain elevated privileges

Trust: 2.25

sources: NVD: CVE-2017-3750 // JVNDB: JVNDB-2017-005177 // CNVD: CNVD-2017-14024 // VULMON: CVE-2017-3750

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-14024

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:5.1.1

Trust: 1.0

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:lenovomodel:vibe a1600scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a2560scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a2800scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a2860scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a2880scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3000scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3500scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3600-dscope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3600uscope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3800-dscope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a3900scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a6000scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a6000-iscope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a6020i37scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a6600scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe a6800scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe k30-escope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe k30-w-cuscope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe k32c30scope: - version: -

Trust: 0.6

vendor:lenovomodel:vibe k80mscope: - version: -

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:5.1.1

Trust: 0.6

sources: CNVD: CNVD-2017-14024 // JVNDB: JVNDB-2017-005177 // CNNVD: CNNVD-201706-1219 // NVD: CVE-2017-3750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3750
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3750
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-14024
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-1219
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-3750
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3750
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-14024
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-3750
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-14024 // VULMON: CVE-2017-3750 // JVNDB: JVNDB-2017-005177 // CNNVD: CNNVD-201706-1219 // NVD: CVE-2017-3750

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-005177 // NVD: CVE-2017-3750

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201706-1219

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201706-1219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005177

PATCH
title:トップページurl:https://www.android.com/intl/ja_jp/phones/
Trust: 0.8
title:VIBE Seriesurl:http://www3.lenovo.com/in/en/smartphones/smartphone-vibe-series/c/smartphone-vibe-series
Trust: 0.8
title:Patches for several LenovoVIBE mobile rights access vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/97884
Trust: 0.6
title:Multiple Lenovo VIBE Fixes for mobile rights permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71357
Trust: 0.6
title:Fireeye Threat Researchurl:https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
Trust: 0.2
sources:
            
            
            CNVD: CNVD-2017-14024 // 
            
            
            
            VULMON: CVE-2017-3750 // 
            
            
            
            JVNDB: JVNDB-2017-005177 // 
            
            
            
            CNNVD: CNNVD-201706-1219

EXTERNAL IDS
db:NVDid:CVE-2017-3750
Trust: 3.1
db:LENOVOid:LEN-15823
Trust: 2.3
db:JVNDBid:JVNDB-2017-005177
Trust: 0.8
db:CNVDid:CNVD-2017-14024
Trust: 0.6
db:CNNVDid:CNNVD-201706-1219
Trust: 0.6
db:VULMONid:CVE-2017-3750
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-14024 // 
            
            
            
            VULMON: CVE-2017-3750 // 
            
            
            
            JVNDB: JVNDB-2017-005177 // 
            
            
            
            CNNVD: CNNVD-201706-1219 // 
            
            
            
            NVD: CVE-2017-3750

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-15823
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3750
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3750
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-14024 // 
            
            
            
            VULMON: CVE-2017-3750 // 
            
            
            
            JVNDB: JVNDB-2017-005177 // 
            
            
            
            CNNVD: CNNVD-201706-1219 // 
            
            
            
            NVD: CVE-2017-3750

SOURCES
db:CNVDid:CNVD-2017-14024
db:VULMONid:CVE-2017-3750
db:JVNDBid:JVNDB-2017-005177
db:CNNVDid:CNNVD-201706-1219
db:NVDid:CVE-2017-3750

LAST UPDATE DATE
2025-04-20T23:29:41.227000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-14024date:2017-07-12T00:00:00
db:VULMONid:CVE-2017-3750date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-005177date:2017-07-20T00:00:00
db:CNNVDid:CNNVD-201706-1219date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3750date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-14024date:2017-07-12T00:00:00
db:VULMONid:CVE-2017-3750date:2017-06-29T00:00:00
db:JVNDBid:JVNDB-2017-005177date:2017-07-20T00:00:00
db:CNNVDid:CNNVD-201706-1219date:2017-06-30T00:00:00
db:NVDid:CVE-2017-3750date:2017-06-29T15:29:00.253