Sign-up

ID

VAR-201710-0734


CVE

CVE-2017-3761


TITLE

Lenovo Service Framework Android Command injection vulnerability in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-009372

DESCRIPTION

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. A remote attacker can exploit this vulnerability to inject commands and execute code

Trust: 1.8

sources: NVD: CVE-2017-3761 // JVNDB: JVNDB-2017-009372 // VULHUB: VHN-111964 // VULMON: CVE-2017-3761

AFFECTED PRODUCTS

vendor:lenovomodel:service frameworkscope:eqversion: -

Trust: 1.6

vendor:lenovomodel:service frameworkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-009372 // CNNVD: CNNVD-201710-587 // NVD: CVE-2017-3761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3761
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-3761
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201710-587
value: CRITICAL

Trust: 0.6

VULHUB: VHN-111964
value: HIGH

Trust: 0.1

VULMON: CVE-2017-3761
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-3761
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-111964
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3761
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111964 // VULMON: CVE-2017-3761 // JVNDB: JVNDB-2017-009372 // CNNVD: CNNVD-201710-587 // NVD: CVE-2017-3761

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-111964 // JVNDB: JVNDB-2017-009372 // NVD: CVE-2017-3761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-587

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201710-587

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009372

PATCH
title:LEN-15374url:https://support.lenovo.com/uu/en/product_security/len-15374
Trust: 0.8
title:Lenovo Service Framework Android Fixes for application security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75631
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-009372 // 
            
            
            
            CNNVD: CNNVD-201710-587

EXTERNAL IDS
db:NVDid:CVE-2017-3761
Trust: 2.6
db:LENOVOid:LEN-15374
Trust: 1.8
db:JVNDBid:JVNDB-2017-009372
Trust: 0.8
db:CNNVDid:CNNVD-201710-587
Trust: 0.7
db:VULHUBid:VHN-111964
Trust: 0.1
db:VULMONid:CVE-2017-3761
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111964 // 
            
            
            
            VULMON: CVE-2017-3761 // 
            
            
            
            JVNDB: JVNDB-2017-009372 // 
            
            
            
            CNNVD: CNNVD-201710-587 // 
            
            
            
            NVD: CVE-2017-3761

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-15374
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3761
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3761
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111964 // 
            
            
            
            VULMON: CVE-2017-3761 // 
            
            
            
            JVNDB: JVNDB-2017-009372 // 
            
            
            
            CNNVD: CNNVD-201710-587 // 
            
            
            
            NVD: CVE-2017-3761

SOURCES
db:VULHUBid:VHN-111964
db:VULMONid:CVE-2017-3761
db:JVNDBid:JVNDB-2017-009372
db:CNNVDid:CNNVD-201710-587
db:NVDid:CVE-2017-3761

LAST UPDATE DATE
2025-04-20T23:19:49.489000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111964date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-3761date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-009372date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-587date:2019-10-23T00:00:00
db:NVDid:CVE-2017-3761date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-111964date:2017-10-17T00:00:00
db:VULMONid:CVE-2017-3761date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-009372date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-587date:2017-10-27T00:00:00
db:NVDid:CVE-2017-3761date:2017-10-17T20:29:00.370