Sign-up

ID

VAR-201804-0421


CVE

CVE-2017-3776


TITLE

Lenovo Help Android Information disclosure vulnerability in mobile applications

Trust: 0.8

sources: JVNDB: JVNDB-2018-004325

DESCRIPTION

Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. An attacker could exploit this vulnerability to obtain information

Trust: 1.71

sources: NVD: CVE-2017-3776 // JVNDB: JVNDB-2018-004325 // VULHUB: VHN-111979

AFFECTED PRODUCTS

vendor:lenovomodel:helpscope:ltversion:6.1.2.0327

Trust: 1.8

sources: JVNDB: JVNDB-2018-004325 // NVD: CVE-2017-3776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3776
value: HIGH

Trust: 1.0

NVD: CVE-2017-3776
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1123
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111979
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3776
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-111979
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3776
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-111979 // JVNDB: JVNDB-2018-004325 // CNNVD: CNNVD-201804-1123 // NVD: CVE-2017-3776

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-111979 // JVNDB: JVNDB-2018-004325 // NVD: CVE-2017-3776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1123

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1123

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004325

PATCH
title:LEN-20475url:https://support.lenovo.com/jp/ja/product_security/len-20475
Trust: 0.8
title:Lenovo Help Android mobile Fixes for application security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81416
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004325 // 
            
            
            
            CNNVD: CNNVD-201804-1123

EXTERNAL IDS
db:NVDid:CVE-2017-3776
Trust: 2.5
db:LENOVOid:LEN-20475
Trust: 1.7
db:JVNDBid:JVNDB-2018-004325
Trust: 0.8
db:CNNVDid:CNNVD-201804-1123
Trust: 0.6
db:VULHUBid:VHN-111979
Trust: 0.1
sources:
            
            
            VULHUB: VHN-111979 // 
            
            
            
            JVNDB: JVNDB-2018-004325 // 
            
            
            
            CNNVD: CNNVD-201804-1123 // 
            
            
            
            NVD: CVE-2017-3776

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-20475
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3776
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3776
Trust: 0.8
sources:
            
            
            VULHUB: VHN-111979 // 
            
            
            
            JVNDB: JVNDB-2018-004325 // 
            
            
            
            CNNVD: CNNVD-201804-1123 // 
            
            
            
            NVD: CVE-2017-3776

SOURCES
db:VULHUBid:VHN-111979
db:JVNDBid:JVNDB-2018-004325
db:CNNVDid:CNNVD-201804-1123
db:NVDid:CVE-2017-3776

LAST UPDATE DATE
2024-11-23T22:06:56.491000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-111979date:2018-05-22T00:00:00
db:JVNDBid:JVNDB-2018-004325date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1123date:2018-05-08T00:00:00
db:NVDid:CVE-2017-3776date:2024-11-21T03:26:06.843

SOURCES RELEASE DATE
db:VULHUBid:VHN-111979date:2018-04-19T00:00:00
db:JVNDBid:JVNDB-2018-004325date:2018-06-18T00:00:00
db:CNNVDid:CNNVD-201804-1123date:2018-04-19T00:00:00
db:NVDid:CVE-2017-3776date:2018-04-19T14:29:00.417