Vulnerability Description
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Bios | - |
| Lenovo | 710S-13Ikb/Xiaoxin Air 13Ikb | - |
| Lenovo | 710S-13Isk/Xiaoxin Air 13 | - |
| Lenovo | K21-80 | - |
| Lenovo | K22-80/Lenovo V720-12 | - |
| Lenovo | K41-80 | - |
| Lenovo | Lenovo Ideapad 110-14Ast | - |
| Lenovo | Lenovo Ideapad 110-15Ast | - |
| Lenovo | Lenovo Ideapad 320-14Ast | - |
| Lenovo | Lenovo Ideapad 320-15Ast | - |
| Lenovo | Lenovo Xiaoxin Rui7000 | - |
| Lenovo | Miix 710-12Ikb | - |
| Lenovo | Miix 720-12Ikb | - |
| Lenovo | Notebook 320-17Ast | - |
| Lenovo | Rescuer E520-15Ikb | - |
| Lenovo | V110-14Iap | - |
| Lenovo | V110-15Iap | - |
| Lenovo | V110-15Ikb | - |
| Lenovo | V110-15Isk | - |
| Lenovo | Yoga 710-11Ikb | - |
References
- https://support.lenovo.com/us/en/product_security/LEN-15084 (Vendor Advisory)
FAQ
What is CVE-2017-3754?
CVE-2017-3754 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to ...
How severe is CVE-2017-3754?
CVE-2017-3754 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3754?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Bios, Lenovo 710S-13Ikb/Xiaoxin Air 13Ikb, Lenovo 710S-13Isk/Xiaoxin Air 13, Lenovo K21-80, Lenovo K22-80/Lenovo V720-12.