Sign-up

ID

VAR-201710-0733


CVE

CVE-2017-3760


TITLE

Lenovo Service Framework Android Application / Certificate / Password Management Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009464

DESCRIPTION

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. Lenovo Service Framework Android The application contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2017-3760 // JVNDB: JVNDB-2017-009464 // VULHUB: VHN-111963

AFFECTED PRODUCTS

vendor:lenovomodel:service frameworkscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:service frameworkscope:eqversion:android application

Trust: 0.8

sources: JVNDB: JVNDB-2017-009464 // CNNVD: CNNVD-201710-588 // NVD: CVE-2017-3760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3760
value: HIGH

Trust: 1.0

NVD: CVE-2017-3760
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-588
value: HIGH

Trust: 0.6

VULHUB: VHN-111963
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3760
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111963
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3760
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111963 // JVNDB: JVNDB-2017-009464 // CNNVD: CNNVD-201710-588 // NVD: CVE-2017-3760

PROBLEMTYPE DATA

problemtype:CWE-354

Trust: 1.1

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-111963 // JVNDB: JVNDB-2017-009464 // NVD: CVE-2017-3760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-588

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201710-588

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009464

PATCH
title:LEN-15374url:https://support.lenovo.com/jp/ja/product_security/len-15374
Trust: 0.8
title:Lenovo Service Framework Android Fixes for application security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75632
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009464 // 
            
            
            
            CNNVD: CNNVD-201710-588

EXTERNAL IDS
db:NVDid:CVE-2017-3760
Trust: 2.5
db:LENOVOid:LEN-15374
Trust: 1.7
db:JVNDBid:JVNDB-2017-009464
Trust: 0.8
db:CNNVDid:CNNVD-201710-588
Trust: 0.7
db:VULHUBid:VHN-111963
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111963 // 
            
            
            
            JVNDB: JVNDB-2017-009464 // 
            
            
            
            CNNVD: CNNVD-201710-588 // 
            
            
            
            NVD: CVE-2017-3760

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-15374
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3760
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3760
Trust: 0.8
sources:
            
            
            VULHUB: VHN-111963 // 
            
            
            
            JVNDB: JVNDB-2017-009464 // 
            
            
            
            CNNVD: CNNVD-201710-588 // 
            
            
            
            NVD: CVE-2017-3760

SOURCES
db:VULHUBid:VHN-111963
db:JVNDBid:JVNDB-2017-009464
db:CNNVDid:CNNVD-201710-588
db:NVDid:CVE-2017-3760

LAST UPDATE DATE
2025-04-20T23:19:49.543000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111963date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-009464date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201710-588date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3760date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-111963date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-009464date:2017-11-13T00:00:00
db:CNNVDid:CNNVD-201710-588date:2017-10-27T00:00:00
db:NVDid:CVE-2017-3760date:2017-10-17T20:29:00.323