Details of VAR-201708-0551

ID

VAR-201708-0551

CVE

CVE-2017-3746

TITLE

ThinkPad USB 3.0 Vulnerability related to access control in Ethernet adapter driver

Trust: 0.8

sources: JVNDB: JVNDB-2017-007722

DESCRIPTION

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. ThinkPad USB 3.0 The Ethernet adapter driver contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad USB 3.0 Ethernet Adapter is prone to a local privilege-escalation vulnerability

Trust: 1.98

sources: NVD: CVE-2017-3746 // JVNDB: JVNDB-2017-007722 // BID: 100520 // VULHUB: VHN-111949

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkpad usb 3.0 ethernet adapter driver	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	thinkpad usb 3.0 ethernet adapter driver	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkpad usb ethernet adapter driver	scope:	eq	version:	3.00	Trust: 0.3
vendor:	lenovo	model:	thinkpad usb ethernet adapter driver	scope:	ne	version:	3.08.37.321.2017	Trust: 0.3
vendor:	lenovo	model:	thinkpad usb ethernet adapter driver	scope:	ne	version:	3.07.30.321.2017	Trust: 0.3
vendor:	lenovo	model:	thinkpad usb ethernet adapter driver	scope:	ne	version:	3.010.16.321.2017	Trust: 0.3

sources: BID: 100520 // JVNDB: JVNDB-2017-007722 // CNNVD: CNNVD-201708-1365 // NVD: CVE-2017-3746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3746
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3746
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201708-1365
value:	HIGH
Trust: 0.6
VULHUB:	VHN-111949
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3746
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-111949
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3746
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-111949 // JVNDB: JVNDB-2017-007722 // CNNVD: CNNVD-201708-1365 // NVD: CVE-2017-3746

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-111949 // JVNDB: JVNDB-2017-007722 // NVD: CVE-2017-3746

THREAT TYPE

local

Trust: 0.9

sources: BID: 100520 // CNNVD: CNNVD-201708-1365

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-1365

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007722

PATCH

title:	LEN-9896	url:	https://support.lenovo.com/jp/ja/product_security/len-9896	Trust: 0.8
title:	Lenovo ThinkPad USB 3.0 Ethernet Adapter Fixes for driver permission and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74490	Trust: 0.6

sources: JVNDB: JVNDB-2017-007722 // CNNVD: CNNVD-201708-1365

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3746	Trust: 2.8
db:	LENOVO	id:	LEN-9896	Trust: 2.0
db:	BID	id:	100520	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-007722	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-1365	Trust: 0.7
db:	VULHUB	id:	VHN-111949	Trust: 0.1

sources: VULHUB: VHN-111949 // BID: 100520 // JVNDB: JVNDB-2017-007722 // CNNVD: CNNVD-201708-1365 // NVD: CVE-2017-3746

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-9896	Trust: 2.0
url:	http://www.securityfocus.com/bid/100520	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3746	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3746	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-111949 // BID: 100520 // JVNDB: JVNDB-2017-007722 // CNNVD: CNNVD-201708-1365 // NVD: CVE-2017-3746

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100520

SOURCES

db:	VULHUB	id:	VHN-111949
db:	BID	id:	100520
db:	JVNDB	id:	JVNDB-2017-007722
db:	CNNVD	id:	CNNVD-201708-1365
db:	NVD	id:	CVE-2017-3746

LAST UPDATE DATE

2025-04-20T23:29:35.218000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-111949	date:	2019-10-03T00:00:00
db:	BID	id:	100520	date:	2017-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-007722	date:	2017-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201708-1365	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3746	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-111949	date:	2017-08-29T00:00:00
db:	BID	id:	100520	date:	2017-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2017-007722	date:	2017-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201708-1365	date:	2017-08-28T00:00:00
db:	NVD	id:	CVE-2017-3746	date:	2017-08-29T01:35:13.767