CVE-2017-3767

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

CVSS v3.0 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-15759	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:realtek:audio_driver_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:thinkpad_10:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_11e:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t440:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t560:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t570:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_w540:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_w541:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_w550s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t540p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t440s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t550:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t440p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p50s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l450:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p70:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t450s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t450:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_13:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_s2:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p51s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p71:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470s_skl:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x1c:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x270_kbl:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x270_skl:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t460:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l460:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l560:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x260:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x240:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x240s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t460p:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_p50:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t460s:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l470_kbl:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_l470_skl:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_t470:-:::::::*
	cpe:2.3:h:lenovo:thinkpad_x250:-:::::::*

Information

Published : 2017-11-13 08:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-3767

Mitre link : CVE-2017-3767

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

lenovo

thinkpad_11e
thinkpad_x260
thinkpad_l470_kbl
thinkpad_t470s_skl
thinkpad_l450
thinkpad_x1_carbon
thinkpad_x1_yoga
thinkpad_t440s
thinkpad_s1_yoga_12
thinkpad_13
thinkpad_s1
thinkpad_t450
thinkpad_yoga_11e
thinkpad_p70
thinkpad_t460s
thinkpad_w541
thinkpad_x270_kbl
thinkpad_t460
thinkpad_l460
thinkpad_p50s
thinkpad_p51s
thinkpad_w540
thinkpad_l470_skl
thinkpad_t450s
thinkpad_10
thinkpad_p71
thinkpad_x240
thinkpad_x1_tablet
thinkpad_t470p
thinkpad_x250
thinkpad_t570
thinkpad_s2
thinkpad_t460p
thinkpad_l560
thinkpad_x240s
thinkpad_t560
thinkpad_t550
thinkpad_s1_yoga
thinkpad_t440p
thinkpad_t440
thinkpad_w550s
thinkpad_t470
thinkpad_x1c
thinkpad_x270_skl
thinkpad_p50
thinkpad_t540p

realtek

audio_driver_firmware

7.8 /10