Sign-up

ID

VAR-201708-0552


CVE

CVE-2017-3751


TITLE

Track point installed ThinkPad compact USB Vulnerability related to unquoted search paths or elements in keyboard drivers

Trust: 0.8

sources: JVNDB: JVNDB-2017-007210

DESCRIPTION

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges. ThinkPadCompactUSBKeyboardwithTrackPointDriver is a driver for a USB keyboard from Lenovo. An elevation of privilege vulnerability exists in versions prior to ThinkPadCompactUSBKeyboardwithTrackPointDriver 1.5.5.0

Trust: 2.52

sources: NVD: CVE-2017-3751 // JVNDB: JVNDB-2017-007210 // CNVD: CNVD-2017-28412 // BID: 100313 // VULHUB: VHN-111954

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28412

AFFECTED PRODUCTS

vendor:lenovomodel:thinkpad compact usb keyboard driverscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:thinkpad compact usb driver for keyboardscope:ltversion:1.5.5.0

Trust: 0.8

vendor:lenovomodel:thinkpad compact usb keyboard with trackpointscope:ltversion:1.5.5.0

Trust: 0.6

vendor:lenovomodel:thinkpad compact usb keyboardscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:thinkpad compact usb keyboardscope:neversion:1.5.5.0

Trust: 0.3

sources: CNVD: CNVD-2017-28412 // BID: 100313 // JVNDB: JVNDB-2017-007210 // CNNVD: CNNVD-201708-382 // NVD: CVE-2017-3751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3751
value: HIGH

Trust: 1.0

NVD: CVE-2017-3751
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-28412
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-382
value: HIGH

Trust: 0.6

VULHUB: VHN-111954
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3751
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28412
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111954
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3751
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28412 // VULHUB: VHN-111954 // JVNDB: JVNDB-2017-007210 // CNNVD: CNNVD-201708-382 // NVD: CVE-2017-3751

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-111954 // JVNDB: JVNDB-2017-007210 // NVD: CVE-2017-3751

THREAT TYPE

local

Trust: 0.9

sources: BID: 100313 // CNNVD: CNNVD-201708-382

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201708-382

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007210

PATCH
title:LEN-15061url:https://support.lenovo.com/jp/ja/product_security/len-15061
Trust: 0.8
title:ThinkPadCompactUSBKeyboardwithTrackPoint privilege patchurl:https://www.cnvd.org.cn/patchInfo/show/102847
Trust: 0.6
title:ThinkPad Compact USB Keyboard with TrackPoint Driver Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73848
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-28412 // 
            
            
            
            JVNDB: JVNDB-2017-007210 // 
            
            
            
            CNNVD: CNNVD-201708-382

EXTERNAL IDS
db:NVDid:CVE-2017-3751
Trust: 3.4
db:LENOVOid:LEN-15061
Trust: 2.6
db:JVNDBid:JVNDB-2017-007210
Trust: 0.8
db:CNNVDid:CNNVD-201708-382
Trust: 0.7
db:CNVDid:CNVD-2017-28412
Trust: 0.6
db:BIDid:100313
Trust: 0.4
db:VULHUBid:VHN-111954
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-28412 // 
            
            
            
            VULHUB: VHN-111954 // 
            
            
            
            BID: 100313 // 
            
            
            
            JVNDB: JVNDB-2017-007210 // 
            
            
            
            CNNVD: CNNVD-201708-382 // 
            
            
            
            NVD: CVE-2017-3751

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-15061
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3751
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3751
Trust: 0.8
url:https://support.lenovo.com/us/zh/product_security/len-15061
Trust: 0.6
url:http://www.lenovo.com/ca/en/
Trust: 0.3
url:https://support.lenovo.com/us/en/solutions/pd026745
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-28412 // 
            
            
            
            VULHUB: VHN-111954 // 
            
            
            
            BID: 100313 // 
            
            
            
            JVNDB: JVNDB-2017-007210 // 
            
            
            
            CNNVD: CNNVD-201708-382 // 
            
            
            
            NVD: CVE-2017-3751

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 100313

SOURCES
db:CNVDid:CNVD-2017-28412
db:VULHUBid:VHN-111954
db:BIDid:100313
db:JVNDBid:JVNDB-2017-007210
db:CNNVDid:CNNVD-201708-382
db:NVDid:CVE-2017-3751

LAST UPDATE DATE
2025-04-20T23:42:10.580000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-28412date:2017-09-26T00:00:00
db:VULHUBid:VHN-111954date:2017-08-24T00:00:00
db:BIDid:100313date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-007210date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201708-382date:2017-08-25T00:00:00
db:NVDid:CVE-2017-3751date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-28412date:2017-09-26T00:00:00
db:VULHUBid:VHN-111954date:2017-08-10T00:00:00
db:BIDid:100313date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-007210date:2017-09-13T00:00:00
db:CNNVDid:CNNVD-201708-382date:2017-08-25T00:00:00
db:NVDid:CVE-2017-3751date:2017-08-10T00:29:00.183