MEDIUM · 6.8

CVE-2017-3753

Vulnerability Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Lenovo | Ideacentre 300-20Ish Firmware | -
Lenovo | Ideacentre 300-20Ish | -
Lenovo | Ideacentre 300S-11Ish Firmware | -
Lenovo | Ideacentre 300S-11Ish | -
Lenovo | Ideacentre 510S-08Ish Firmware | -
Lenovo | Ideacentre 510S-08Ish | -
Lenovo | Ideacentre 700 Firmware | -
Lenovo | Ideacentre 700 | -
Lenovo | 63 Firmware | fckt78a
Lenovo | 63 | -
Lenovo | H50-30G Firmware | fckt78a
Lenovo | H50-30G | -
Lenovo | M4500 Firmware | fckt78a
Lenovo | M4500 | -
Lenovo | M4500 Id Firmware | fckt78a
Lenovo | M4500 Id | -
Lenovo | M4550 Id Firmware | fckt78a
Lenovo | M4550 Id | -
Lenovo | S500 Firmware | m0kkt24a
Lenovo | S500 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-3753?

CVE-2017-3753 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with adm...

How severe is CVE-2017-3753?

CVE-2017-3753 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-3753?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre 300-20Ish Firmware, Lenovo Ideacentre 300-20Ish, Lenovo Ideacentre 300S-11Ish Firmware, Lenovo Ideacentre 300S-11Ish, Lenovo Ideacentre 510S-08Ish Firmware.