On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-15823 | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/99295 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-06-29 08:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-3748
Mitre link : CVE-2017-3748
JSON object : View
CWE
Products Affected
lenovo
- vibe_a3900
- vibe_k30-e
- vibe_a2880
- vibe_a3600u
- vibe_a1600
- vibe_a2560
- vibe_k30-w-cu
- vibe_k32c30
- vibe_a3500
- vibe_a3000
- vibe_a6600
- vibe_k80m
- vibe_a2860
- vibe_a6800
- vibe_a6000-i
- vibe_a3600-d
- vibe_a3800-d
- vibe_a6020i37
- vibe_a2800
- vibe_a6000
- android