CVE-2017-3774 — CRITICAL (9.8)

Q: How severe is CVE-2017-3774?

CVE-2017-3774 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-3774?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Integrated Management Module 2, Lenovo Flex System X240 M4, Lenovo Flex System X240 M5, Lenovo Flex System X280 X6, Lenovo Flex System X440 M4.

Vulnerability Description

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Integrated Management Module 2	< 4.70
Lenovo	Flex System X240 M4	-
Lenovo	Flex System X240 M5	-
Lenovo	Flex System X280 X6	-
Lenovo	Flex System X440 M4	-
Lenovo	Flex System X480 X6	-
Lenovo	Flex System X880	-
Lenovo	Nextscale Nx360 M5	-
Lenovo	System X3250 M6	-
Lenovo	System X3500 M5	-
Lenovo	System X3550 M5	-
Lenovo	System X3650 M5	-
Lenovo	System X3750 M4	-
Lenovo	System X3850 X6	-
Lenovo	System X3950 X6	-
Ibm	Bladecenter Hs22	-
Ibm	Bladecenter Hs23	-
Ibm	Bladecenter Hs23E	-
Ibm	Flex System X220 M4	-
Ibm	Flex System X222 M4	-

Related Weaknesses (CWE)

CWE-119

References

https://support.lenovo.com/us/en/product_security/LEN-19586Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-19586Vendor Advisory

FAQ

What is CVE-2017-3774?

CVE-2017-3774 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than vers...

How severe is CVE-2017-3774?

CVE-2017-3774 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-3774?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Integrated Management Module 2, Lenovo Flex System X240 M4, Lenovo Flex System X240 M5, Lenovo Flex System X280 X6, Lenovo Flex System X440 M4.