CVE-2017-3743

EPSS 0.35%
Published 20.06.2017 00:29:00
Last modified 20.04.2025 01:37:25
Source psirt@lenovo.com
Teams watchlist Login
Open Login

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Advanced Settings Utility Version <= 10.1

Lenovo ≫ Toolscenter Dynamic System Analysis Version <= 10.2

Lenovo ≫ Updatexpress System Pack Installer Version <= 10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.547

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.lenovo.com/us/en/product_security/LEN-10810

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3743

EUVD