7.8

CVE-2017-3756

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Data is provided by the National Vulnerability Database (NVD)
LenovoThinkpad 13e Version-
LenovoThinkpad E450 Version-
LenovoThinkpad E450c Version-
LenovoThinkpad E455 Version-
LenovoThinkpad E460 Version-
LenovoThinkpad E465 Version-
LenovoThinkpad E550 Version-
LenovoThinkpad E550c Version-
LenovoThinkpad E555 Version-
LenovoThinkpad E560 Version-
LenovoThinkpad E565 Version-
LenovoThinkpad L440 Version-
LenovoThinkpad L450 Version-
LenovoThinkpad L460 Version-
LenovoThinkpad L540 Version-
LenovoThinkpad L560 Version-
LenovoThinkpad P50 Version-
LenovoThinkpad P50s Version-
LenovoThinkpad P70 Version-
LenovoThinkpad S540 Version-
LenovoThinkpad T440 Version-
LenovoThinkpad T440p Version-
LenovoThinkpad T440s Version-
LenovoThinkpad T440u Version-
LenovoThinkpad T450 Version-
LenovoThinkpad T450s Version-
LenovoThinkpad T460 Version-
LenovoThinkpad T460p Version-
LenovoThinkpad T460s Version-
LenovoThinkpad T540 Version-
LenovoThinkpad T540p Version-
LenovoThinkpad T550 Version-
LenovoThinkpad T560 Version-
LenovoThinkpad W540 Version-
LenovoThinkpad W541 Version-
LenovoThinkpad W550s Version-
LenovoThinkpad X240 Version-
LenovoThinkpad X240s Version-
LenovoThinkpad X260 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.204
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
http://www.securityfocus.com/bid/100305
Third Party Advisory
VDB Entry