Vulnerabilites related to lenovo - rescuer_e520-15ikb
Vulnerability from fkie_nvd
Published
2017-07-17 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D66F0D-6C60-4CF6-A509-C6FAC2E22F95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:710s-13ikb\\/xiaoxin_air_13ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF203824-4977-4970-93FA-311FC0726DE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:710s-13isk\\/xiaoxin_air_13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA559DCA-5395-4205-916B-62A94E078788",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k21-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E56C7CE7-D4A0-4179-B65D-EA8EDA2F7299",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k22-80\\/lenovo_v720-12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6817BA2D-2383-428F-941D-BCAC7A476818",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k41-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC9595C-D1DA-4769-9401-1D2430CE69CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-14ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63C6054-D0EE-4AED-B829-A2F676E89D86",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_110-15ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3F252A-E00B-40AA-8F02-7987D2102D4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-14ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD8431A-FFF2-4519-BCC3-80A8B76CC80E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_ideapad_320-15ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21481398-B4A5-4C7F-BA4F-A52D6C13756B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:lenovo_xiaoxin_rui7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94BA3B3C-0E21-4877-8B0D-11E5FEF12384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:miix_710-12ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE26E1F-D6B8-4ECD-86DE-D492BBC1FE64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E7697B-53B4-4A2A-B285-0620962A0E4A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:notebook_320-17ast:-:*:*:*:*:*:*:*",
"matchCriteriaId": "719BD6FE-DB95-4096-9829-33536AD077C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:rescuer_e520-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC1D30D-C105-4BAF-9085-7E5C8D253A23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-14iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAED167E-15AF-4B45-952C-113726BCFAE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15iap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "972B1468-D71C-449C-B392-4A62BA9BF835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9423385C-5562-4578-9602-C85ED87CB530",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v110-15isk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C41B17-C208-4A3A-BCC5-F7D4046A9249",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga_710-11ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A573B96D-E21C-4869-A6CE-FDB3926875CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
},
{
"lang": "es",
"value": "Algunos sistemas notebook de la marca Lenovo no tienen protecciones de escritura configuradas apropiadamente en el BIOS del sistema. Esto podr\u00eda permitir a un atacante con acceso f\u00edsico o administrativo a un sistema para ser capaz de flashear el BIOS con una imagen arbitraria y potencialmente ejecutar c\u00f3digo BIOS malicioso."
}
],
"id": "CVE-2017-3754",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T19:29:00.323",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-3754 (GCVE-0-2017-3754)
Vulnerability from cvelistv5
Published
2017-07-17 19:00
Modified
2024-09-16 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- BIOS Write Protections Improperly Configured
Summary
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo Group Ltd. | Lenovo Notebook BIOS |
Version: Various |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:40.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo Notebook BIOS",
"vendor": "Lenovo Group Ltd.",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
}
],
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "BIOS Write Protections Improperly Configured",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T18:57:01",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2017-07-13T00:00:00",
"ID": "CVE-2017-3754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Notebook BIOS",
"version": {
"version_data": [
{
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BIOS Write Protections Improperly Configured"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-15084",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-15084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2017-3754",
"datePublished": "2017-07-17T19:00:00Z",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-09-16T18:12:56.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}