CVE-2017-3753

EUVD-2017-12870
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
lenovoideacentre_300-20ish_firmware
-
lenovoideacentre_300s-11ish_firmware
-
lenovoideacentre_510s-08ish_firmware
-
lenovoideacentre_700_firmware
-
lenovov320-15iap_firmware
-
lenovothinkcentre_e75_t\/s_firmware
-
lenovothinkcentre_m610_firmware
-
lenovothinkcentre_m710t\/s_firmware
-
lenovothinkcentre_m715q_firmware
-
lenovothinkcentre_m910t\/s_firmware
-
lenovothinkcentre_m910q_firmware
-
lenovothinkcentre_m910x_firmware
-
lenovoyangtian_mc_carrizo-l_firmware
-
lenovothinkcentre_m810z_firmware
-
lenovothinkserver_rd340_firmware
-
lenovothinkserver_rq750_firmware
7.05
lenovothinkserver_ts250_firmware
-
lenovothinkserver_ts450_firmware
-
lenovothinkserver_ts550_firmware
-
lenovothinkstation_p320_firmware
-
lenovothinkstation_p410_firmware
-
lenovothinkstation_p510_firmware
-
lenovothinkstation_p710_firmware
-
lenovothinkstation_p910_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-14695
https://support.lenovo.com/us/en/product_security/LEN-14695