Details of VAR-201708-0550

ID

VAR-201708-0550

CVE

CVE-2017-3757

TITLE

ElanTech Touchpad Vulnerabilities related to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2017-007725

DESCRIPTION

An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. ElanTech Touchpad Drivers contain vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo300S-11IBR and other are notebook products of China Lenovo. ElanTechTouchpaddriver is one of the trackpad drivers. There are security holes in the ElanTechTouchpad driver in several Lenovo products

Trust: 2.16

sources: NVD: CVE-2017-3757 // JVNDB: JVNDB-2017-007725 // CNVD: CNVD-2017-32445

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32445

AFFECTED PRODUCTS

vendor:	emc	model:	elan touchpad driver	scope:	lte	version:	11.4.1.6	Trust: 1.0
vendor:	dell emc old emc	model:	elantech touchpad driver	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	z70-80	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	yoga 300-11iby	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	yoga 300-11ibr	scope:	-	version:	-	Trust: 0.6
vendor:	lenovo	model:	flex	scope:	eq	version:	3-1120	Trust: 0.6
vendor:	lenovo	model:	flex	scope:	eq	version:	3-1130	Trust: 0.6
vendor:	lenovo	model:	300s-11ibr	scope:	-	version:	-	Trust: 0.6
vendor:	emc	model:	elan touchpad driver	scope:	eq	version:	11.4.1.6	Trust: 0.6

sources: CNVD: CNVD-2017-32445 // JVNDB: JVNDB-2017-007725 // CNNVD: CNNVD-201708-1364 // NVD: CVE-2017-3757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3757
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3757
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32445
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-1364
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-3757
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-32445
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-3757
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-32445 // JVNDB: JVNDB-2017-007725 // CNNVD: CNNVD-201708-1364 // NVD: CVE-2017-3757

PROBLEMTYPE DATA

problemtype:

CWE-428

Trust: 1.8

sources: JVNDB: JVNDB-2017-007725 // NVD: CVE-2017-3757

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-1364

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1364

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007725

PATCH

title:	LEN-14390	url:	https://support.lenovo.com/jp/en/product_security/len-14390	Trust: 0.8
title:	ドライバの詳細: Elantech TouchPad Driver	url:	http://www.dell.com/support/home/jp/ja/jpdhs1/Drivers/DriversDetails?driverId=P2WXC	Trust: 0.8
title:	Patches for various Lenovo ElanTechTouchpad driver privilege escalation vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/105232	Trust: 0.6
title:	Multiple Lenovo product ElanTech Touchpad Driver security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74489	Trust: 0.6

sources: CNVD: CNVD-2017-32445 // JVNDB: JVNDB-2017-007725 // CNNVD: CNNVD-201708-1364

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3757	Trust: 3.0
db:	LENOVO	id:	LEN-14390	Trust: 2.2
db:	JVNDB	id:	JVNDB-2017-007725	Trust: 0.8
db:	CNVD	id:	CNVD-2017-32445	Trust: 0.6
db:	CNNVD	id:	CNNVD-201708-1364	Trust: 0.6

sources: CNVD: CNVD-2017-32445 // JVNDB: JVNDB-2017-007725 // CNNVD: CNNVD-201708-1364 // NVD: CVE-2017-3757

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-14390	Trust: 2.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3757	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3757	Trust: 0.8

sources: CNVD: CNVD-2017-32445 // JVNDB: JVNDB-2017-007725 // CNNVD: CNNVD-201708-1364 // NVD: CVE-2017-3757

SOURCES

db:	CNVD	id:	CNVD-2017-32445
db:	JVNDB	id:	JVNDB-2017-007725
db:	CNNVD	id:	CNNVD-201708-1364
db:	NVD	id:	CVE-2017-3757

LAST UPDATE DATE

2025-04-20T23:34:19.340000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32445	date:	2017-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-007725	date:	2017-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201708-1364	date:	2017-09-07T00:00:00
db:	NVD	id:	CVE-2017-3757	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32445	date:	2017-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-007725	date:	2017-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201708-1364	date:	2017-08-28T00:00:00
db:	NVD	id:	CVE-2017-3757	date:	2017-08-29T01:35:13.797