1. Home
  2. CVE Database
  3. CVE-2017-3742
MEDIUM · 4.8

CVE-2017-3742

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for thi...

Vulnerability Description

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
LenovoConnect2<= 4.2.5
MicrosoftWindowsAll versions
GoogleAndroidAll versions

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2017-3742?

CVE-2017-3742 is a vulnerability with a CVSS score of 4.8 (MEDIUM). In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for thi...

How severe is CVE-2017-3742?

CVE-2017-3742 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3742?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Connect2, Microsoft Windows, Google Android.