Vulnerability Description
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Thinkcentre M710S Firmware | < m16kt40a |
| Lenovo | Thinkcentre M710S | - |
| Lenovo | Thinkcentre M710T Firmware | < m16kt40a |
| Lenovo | Thinkcentre M710T | - |
| Lenovo | Aio E95 Firmware | < m16kt40a |
| Lenovo | Aio E95 | - |
References
- https://support.lenovo.com/us/en/product_security/LEN-17417Issue TrackingVendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-17417Issue TrackingVendor Advisory
FAQ
What is CVE-2017-3771?
CVE-2017-3771 is a vulnerability with a CVSS score of 7.5 (HIGH). System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
How severe is CVE-2017-3771?
CVE-2017-3771 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3771?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkcentre M710S Firmware, Lenovo Thinkcentre M710S, Lenovo Thinkcentre M710T Firmware, Lenovo Thinkcentre M710T, Lenovo Aio E95 Firmware.