CVE-2017-3775

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.

6.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://support.lenovo.com/us/en/solutions/LEN-20241 Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*
Information

Published : 2018-05-04 10:29

Updated : 2018-06-13 08:58

NVD link : CVE-2017-3775

Mitre link : CVE-2017-3775

JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa
Products Affected

lenovo

  • flex_system_x880_bios
  • system_x3250_m6_bios
  • flex_system_x880
  • system_x3500_m5_bios
  • system_x3650_m5
  • system_x3850_x6
  • flex_system_x280_x6
  • system_x3550_m5_bios
  • system_x3950_x6_bios
  • system_x3550_m5
  • nextscale_nx360_m5
  • system_x3500_m5
  • system_x3850_x6_bios
  • flex_system_x480_x6_bios
  • system_x3650_m5_bios
  • system_x3250_m6
  • nextscale_nx360_m5_bios
  • flex_system_x280_x6_bios
  • flex_system_x240_m5
  • flex_system_x240_m5_bios
  • flex_system_x480_x6
  • system_x3950_x6