7.2

CVE-2017-3753

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Data is provided by the National Vulnerability Database (NVD)
LenovoIdeacentre 700 Firmware Version-
   LenovoIdeacentre 700 Version-
Lenovo63 Firmware Versionfckt78a
   Lenovo63 Version-
LenovoH50-30g Firmware Versionfckt78a
   LenovoH50-30g Version-
LenovoM4500 Firmware Versionfckt78a
   LenovoM4500 Version-
LenovoM4500 Id Firmware Versionfckt78a
   LenovoM4500 Id Version-
LenovoM4550 Id Firmware Versionfckt78a
   LenovoM4550 Id Version-
LenovoS500 Firmware Versionm0kkt24a
   LenovoS500 Version-
LenovoV320-15iap Firmware Version-
   LenovoV320-15iap Version-
LenovoThinkcentre E73 Firmware Versionfckt78a
   LenovoThinkcentre E73 Version-
LenovoThinkcentre E73s Firmware Versionfckt78a
   LenovoThinkcentre E73s Version-
LenovoThinkcentre E74 Firmware Versionm05kt54a
   LenovoThinkcentre E74 Version-
LenovoThinkcentre E74s Firmware Versionm05kt54a
   LenovoThinkcentre E74s Version-
LenovoThinkcentre E79 Firmware Versionm0lkt12a
   LenovoThinkcentre E79 Version-
LenovoThinkcentre E93 Firmware Versionfbktc5a
   LenovoThinkcentre E93 Version-
LenovoThinkcentre M4500k Firmware Versionfckt78a
   LenovoThinkcentre M4500k Version-
LenovoThinkcentre M4500q Firmware Versionfhkt66a
   LenovoThinkcentre M4500q Version-
LenovoThinkcentre M600 Firmware Versionm00kt44a
   LenovoThinkcentre M600 Version-
LenovoThinkcentre M610 Firmware Version-
   LenovoThinkcentre M610 Version-
LenovoThinkcentre M6600 Firmware Versionfwkt39a
   LenovoThinkcentre M6600 Version-
LenovoThinkcentre M6600q Firmware Versionfwkt39a
   LenovoThinkcentre M6600q Version-
LenovoThinkcentre M700 Firmware Versionm05kt54a
   LenovoThinkcentre M700 Version-
LenovoThinkcentre M715q Firmware Version-
   LenovoThinkcentre M715q Version-
LenovoThinkcentre M72e Firmware Versionf1kt71a
   LenovoThinkcentre M72e Version-
LenovoThinkcentre M73 Firmware Versionfckt78a
   LenovoThinkcentre M73 Version-
LenovoThinkcentre M73p Firmware Versionfbktc5a
   LenovoThinkcentre M73p Version-
LenovoThinkcentre M79 Firmware Versionm0lkt12a
   LenovoThinkcentre M79 Version-
LenovoThinkcentre M800 Firmware Versionfwkt39a
   LenovoThinkcentre M800 Version-
LenovoThinkcentre M83 Firmware Versionfbktcga
   LenovoThinkcentre M83 Version-
LenovoThinkcentre M900 Firmware Versionfwkt39a
   LenovoThinkcentre M900 Version-
LenovoThinkcentre M910q Firmware Version-
   LenovoThinkcentre M910q Version-
LenovoThinkcentre M910x Firmware Version-
   LenovoThinkcentre M910x Version-
LenovoThinkcentre M92 Firmware Version9skt95a
   LenovoThinkcentre M92 Version-
LenovoThinkcentre M92p Firmware Version9skt95a
   LenovoThinkcentre M92p Version-
LenovoThinkcentre M93 Firmware Versionfbktc5a
   LenovoThinkcentre M93 Version-
LenovoThinkcentre M93p Firmware Versionfbktc5a
   LenovoThinkcentre M93p Version-
LenovoYangtian Afh110 Firmware Versionm05kt73a
   LenovoYangtian Afh110 Version-
LenovoYangtian Afh81 Firmware Versionfckt80a
   LenovoYangtian Afh81 Version-
LenovoYangtian Afq150 Firmware Versionfwkt57a
   LenovoYangtian Afq150 Version-
LenovoYangtian Mc Godavari Firmware Versionm0lkt13a
   LenovoYangtian Mc Godavari Version-
LenovoYangtian Mc H110 Firmware Versionm05kt61a
   LenovoYangtian Mc H110 Version-
LenovoYangtian Mc H81 Firmware Versionfckt80a
   LenovoYangtian Mc H81 Version-
LenovoIdeacentre 510s-23isu Firmware Versiono2ekt24a
   LenovoIdeacentre 510s-23isu Version-
LenovoS200z Firmware Versionm09kt33a
   LenovoS200z Version-
LenovoThinkcentre E74z Firmware Versionfvkt48a
   LenovoThinkcentre E74z Version-
LenovoThinkcentre Edge 62z Firmware Versionf8kt40a
   LenovoThinkcentre Edge 62z Version-
LenovoThinkcentre M700z Firmware Versionfvkt48a
   LenovoThinkcentre M700z Version-
LenovoThinkcentre M7200z Firmware Versionfgkt46a
   LenovoThinkcentre M7200z Version-
LenovoThinkcentre M7250z Firmware Versionfgkt46a
   LenovoThinkcentre M7250z Version-
LenovoThinkcentre M7300z Firmware Versionfvkt42a
   LenovoThinkcentre M7300z Version-
LenovoThinkcentre M800z Firmware Versionfvkt42a
   LenovoThinkcentre M800z Version-
LenovoThinkcentre M810z Firmware Version-
   LenovoThinkcentre M810z Version-
LenovoThinkcentre M8200z Firmware Versionfgkt46a
   LenovoThinkcentre M8200z Version-
LenovoThinkcentre M8250z Firmware Versionfgkt46a
   LenovoThinkcentre M8250z Version-
LenovoThinkcentre M8300z Firmware Versionfvkt42a
   LenovoThinkcentre M8300z Version-
LenovoThinkcentre M8350z Firmware Versionfvkt42a
   LenovoThinkcentre M8350z Version-
LenovoThinkcentre M900z Firmware Versionfukt39a
   LenovoThinkcentre M900z Version-
LenovoThinkcentre M9500z Firmware Versionfukt44a
   LenovoThinkcentre M9500z Version-
LenovoThinkcentre M9550z Firmware Versionfukt44a
   LenovoThinkcentre M9550z Version-
LenovoThinkcentre X1 Aio Firmware Versionm0hkt32a
   LenovoThinkcentre X1 Aio Version-
LenovoYangtian S3040 Firmware Versionfgkt49a
   LenovoYangtian S3040 Version-
LenovoYangtian S800 Firmware Versionffkt43a
   LenovoYangtian S3040 Version-
LenovoThinkserver Rd340 Firmware Version-
   LenovoThinkserver Rd340 Version-
LenovoThinkserver Rd440 Firmware Versiona0tsb5a
   LenovoThinkserver Rd440 Version-
LenovoThinkserver Rd540 Firmware Versiona1tsb5a
   LenovoThinkserver Rd540 Version-
LenovoThinkserver Rd640 Firmware Versiona1tsb5a
   LenovoThinkserver Rd540 Version-
LenovoThinkserver Rq750 Firmware Version7.05
   LenovoThinkserver Rq750 Version-
LenovoThinkserver Rs140 Firmware Versionfbkt91c
   LenovoThinkserver Rs140 Version-
LenovoThinkserver Td340 Firmware Versiona3tsb5a
   LenovoThinkserver Td340 Version-
LenovoThinkserver Ts140 Firmware Versionfbktc3a
   LenovoThinkserver Ts140 Version-
LenovoThinkserver Ts150 Firmware Versionfbktc3a
   LenovoThinkserver Ts150 Version-
LenovoThinkserver Ts240 Firmware Versionfbktc3a
   LenovoThinkserver Ts240 Version-
LenovoThinkserver Ts250 Firmware Version-
   LenovoThinkserver Ts250 Version-
LenovoThinkserver Ts450 Firmware Version-
   LenovoThinkserver Ts450 Version-
LenovoThinkserver Ts550 Firmware Version-
   LenovoThinkserver Ts550 Version-
LenovoThinkstation E31 Firmware Version9skt97a
   LenovoThinkstation E31 Version-
LenovoThinkstation E32 Firmware Versionfbktc6a
   LenovoThinkstation E32 Version-
LenovoThinkstation P300 Firmware Versionfbktc6a
   LenovoThinkstation P300 Version-
LenovoThinkstation P310 Firmware Versionfwkt57a
   LenovoThinkstation P310 Version-
LenovoThinkstation P320 Firmware Version-
   LenovoThinkstation P320 Version-
LenovoThinkstation P410 Firmware Version-
   LenovoThinkstation P410 Version-
LenovoThinkstation P500 Firmware Versiona4kt86a
   LenovoThinkstation P500 Version-
LenovoThinkstation P510 Firmware Version-
   LenovoThinkstation P510 Version-
LenovoThinkstation P700 Firmware Versiona5kt86a
   LenovoThinkstation P700 Version-
LenovoThinkstation P710 Firmware Version-
   LenovoThinkstation P710 Version-
LenovoThinkstation P900 Firmware Versiona6kt86a
   LenovoThinkstation P900 Version-
LenovoThinkstation P910 Firmware Version-
   LenovoThinkstation P910 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.125
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.