MEDIUM · 6.4

CVE-2017-3749

Vulnerability Description

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

CVSS Score

6.4

MEDIUM

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

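| Vendor | Product | Versions |
|--------|---------|----------|
| Google | Android | <= 5.1.1 |
| Lenovo | Vibe A1600 | - |
| Lenovo | Vibe A2560 | - |
| Lenovo | Vibe A2800 | - |
| Lenovo | Vibe A2860 | - |
| Lenovo | Vibe A2880 | - |
| Lenovo | Vibe A3000 | - |
| Lenovo | Vibe A3500 | - |
| Lenovo | Vibe A3600-D | - |
| Lenovo | Vibe A3600U | - |
| Lenovo | Vibe A3800-D | - |
| Lenovo | Vibe A3900 | - |
| Lenovo | Vibe A6000 | - |
| Lenovo | Vibe A6000-I | - |
| Lenovo | Vibe A6020I37 | - |
| Lenovo | Vibe A6600 | - |
| Lenovo | Vibe A6800 | - |
| Lenovo | Vibe K30-E | - |
| Lenovo | Vibe K30-W-Cu | - |
| Lenovo | Vibe K32C30 | - |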

References

FAQ

What is CVE-2017-3749?

CVE-2017-3749 is a vulnerability with a CVSS score of 6.4 (MEDIUM). On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in c...

How severe is CVE-2017-3749?

CVE-2017-3749 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-3749?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Lenovo Vibe A1600, Lenovo Vibe A2560, Lenovo Vibe A2800, Lenovo Vibe A2860.