CVE-2017-3746 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkpad Usb 3.0 Ethernet Adapter Driver	-

References

http://www.securityfocus.com/bid/100520Third Party AdvisoryVDB Entry
https://support.lenovo.com/us/en/product_security/LEN-9896PatchVendor Advisory
http://www.securityfocus.com/bid/100520Third Party AdvisoryVDB Entry
https://support.lenovo.com/us/en/product_security/LEN-9896PatchVendor Advisory

FAQ

What is CVE-2017-3746?

CVE-2017-3746 is a vulnerability with a CVSS score of 7.8 (HIGH). ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code w...

How severe is CVE-2017-3746?

CVE-2017-3746 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3746?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad Usb 3.0 Ethernet Adapter Driver.