Sign-up

ID

VAR-201707-0275


CVE

CVE-2017-3742


TITLE

Windows and Android for Lenovo Connect2 Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-006004

DESCRIPTION

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. Windows and Android for Lenovo Connect2 Contains an information disclosure vulnerability.Information may be obtained. Lenovo Connect2 is a free management tool for content transfer between computers and mobile phones provided by Lenovo in China

Trust: 1.71

sources: NVD: CVE-2017-3742 // JVNDB: JVNDB-2017-006004 // VULHUB: VHN-111945

AFFECTED PRODUCTS

vendor:lenovomodel:connect2scope:lteversion:4.2.5

Trust: 1.0

vendor:lenovomodel:connect2scope:ltversion:4.2.5.3071 (android)

Trust: 0.8

vendor:lenovomodel:connect2scope:ltversion:4.2.5.4885 (windows)

Trust: 0.8

vendor:lenovomodel:connect2scope:eqversion:4.2.5

Trust: 0.6

sources: JVNDB: JVNDB-2017-006004 // CNNVD: CNNVD-201707-652 // NVD: CVE-2017-3742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3742
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3742
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-652
value: LOW

Trust: 0.6

VULHUB: VHN-111945
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-3742
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111945
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3742
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111945 // JVNDB: JVNDB-2017-006004 // CNNVD: CNNVD-201707-652 // NVD: CVE-2017-3742

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-111945 // JVNDB: JVNDB-2017-006004 // NVD: CVE-2017-3742

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201707-652

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201707-652

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006004

PATCH
title:LEN-14398url:https://support.lenovo.com/jp/ja/product_security/len-14398
Trust: 0.8
title:Lenovo Connect2 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71750
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-006004 // 
            
            
            
            CNNVD: CNNVD-201707-652

EXTERNAL IDS
db:NVDid:CVE-2017-3742
Trust: 2.5
db:LENOVOid:LEN-14398
Trust: 1.7
db:JVNDBid:JVNDB-2017-006004
Trust: 0.8
db:CNNVDid:CNNVD-201707-652
Trust: 0.7
db:VULHUBid:VHN-111945
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111945 // 
            
            
            
            JVNDB: JVNDB-2017-006004 // 
            
            
            
            CNNVD: CNNVD-201707-652 // 
            
            
            
            NVD: CVE-2017-3742

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-14398
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3742
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3742
Trust: 0.8
url:https://support.lenovo.com/us/zh/product_security/len-14398
Trust: 0.6
sources:
            
            
            VULHUB: VHN-111945 // 
            
            
            
            JVNDB: JVNDB-2017-006004 // 
            
            
            
            CNNVD: CNNVD-201707-652 // 
            
            
            
            NVD: CVE-2017-3742

SOURCES
db:VULHUBid:VHN-111945
db:JVNDBid:JVNDB-2017-006004
db:CNNVDid:CNNVD-201707-652
db:NVDid:CVE-2017-3742

LAST UPDATE DATE
2025-04-20T23:26:03.728000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111945date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-006004date:2017-08-15T00:00:00
db:CNNVDid:CNNVD-201707-652date:2017-07-17T00:00:00
db:NVDid:CVE-2017-3742date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-111945date:2017-07-17T00:00:00
db:JVNDBid:JVNDB-2017-006004date:2017-08-15T00:00:00
db:CNNVDid:CNNVD-201707-652date:2017-07-17T00:00:00
db:NVDid:CVE-2017-3742date:2017-07-17T19:29:00.277