CVE-2017-3743

EPSS 0.35%
Veröffentlicht 20.06.2017 00:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Advanced Settings Utility Version <= 10.1

Lenovo ≫ Toolscenter Dynamic System Analysis Version <= 10.2

Lenovo ≫ Updatexpress System Pack Installer Version <= 10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.547

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.lenovo.com/us/en/product_security/LEN-10810

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3743

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3743

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3743

EUVD