CVE-2017-3748

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
References
Link Resource
https://support.lenovo.com/us/en/product_security/LEN-15823 Mitigation Vendor Advisory
http://www.securityfocus.com/bid/99295 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lenovo:vibe_a3600-d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3600u:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3800-d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3900:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2560:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6800:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k30-e:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k30-w-cu:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k32c30:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2800:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2880:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a1600:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k80m:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6000:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6020i37:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3500:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6600:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6000-i:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2860:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3000:-:*:*:*:*:*:*:*

Information

Published : 2017-06-29 08:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-3748

Mitre link : CVE-2017-3748


JSON object : View

Advertisement

dedicated server usa

Products Affected

lenovo

  • vibe_a3900
  • vibe_k30-e
  • vibe_a2880
  • vibe_a3600u
  • vibe_a1600
  • vibe_a2560
  • vibe_k30-w-cu
  • vibe_k32c30
  • vibe_a3500
  • vibe_a3000
  • vibe_a6600
  • vibe_k80m
  • vibe_a2860
  • vibe_a6800
  • vibe_a6000-i
  • vibe_a3600-d
  • vibe_a3800-d
  • vibe_a6020i37
  • vibe_a2800
  • vibe_a6000

google

  • android