CVE-2017-3753

6.8

MEDIUM

Lenovo AMI UEFI Bypass

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

INFO

Published Date :

Aug. 10, 2017, 12:29 a.m.

Last Modified :

Aug. 29, 2017, 3:38 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.9

Affected Products

The following products are affected by CVE-2017-3753 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Lenovo	ideacentre_300-20ish_firmware
2	Lenovo	ideacentre_300s-11ish_firmware
3	Lenovo	ideacentre_510s-08ish_firmware
4	Lenovo	ideacentre_700_firmware
5	Lenovo	m4500_firmware
6	Lenovo	m4500_id_firmware
7	Lenovo	m4550_id_firmware
8	Lenovo	thinkcentre_e73s_firmware
9	Lenovo	thinkcentre_e74_firmware
10	Lenovo	thinkcentre_e74s_firmware
11	Lenovo	thinkcentre_m4500k_firmware
12	Lenovo	thinkcentre_m4500q_firmware
13	Lenovo	thinkcentre_m610_firmware
14	Lenovo	thinkcentre_m6600_firmware
15	Lenovo	thinkcentre_m6600q_firmware
16	Lenovo	thinkcentre_m73p_firmware
17	Lenovo	thinkcentre_m800_firmware
18	Lenovo	thinkcentre_m900_firmware
19	Lenovo	thinkcentre_m910q_firmware
20	Lenovo	thinkcentre_m910x_firmware
21	Lenovo	thinkcentre_m93_firmware
22	Lenovo	yangtian_afh110_firmware
23	Lenovo	yangtian_afh81_firmware
24	Lenovo	yangtian_afq150_firmware
25	Lenovo	yangtian_mc_h110_firmware
26	Lenovo	yangtian_mc_h81_firmware
27	Lenovo	yangtian_me\/we_h110_firmware
28	Lenovo	thinkcentre_e74z_firmware
29	Lenovo	thinkcentre_m700z_firmware
30	Lenovo	thinkcentre_m7300z_firmware
31	Lenovo	thinkcentre_m800z_firmware
32	Lenovo	thinkcentre_m810z_firmware
33	Lenovo	thinkcentre_m8300z_firmware
34	Lenovo	thinkcentre_m8350z_firmware
35	Lenovo	thinkcentre_m83z_\(aio\)_firmware
36	Lenovo	thinkcentre_m900z_firmware
37	Lenovo	thinkcentre_m9500z_firmware
38	Lenovo	thinkcentre_m9550z_firmware
39	Lenovo	thinkcentre_x1_aio_firmware
40	Lenovo	thinkstation_e32_firmware
41	Lenovo	thinkstation_p300_firmware
42	Lenovo	thinkstation_p310_firmware
43	Lenovo	thinkstation_p320_firmware
44	Lenovo	thinkstation_p410_firmware
45	Lenovo	thinkstation_p500_firmware
46	Lenovo	thinkstation_p510_firmware
47	Lenovo	thinkstation_p700_firmware
48	Lenovo	thinkstation_p710_firmware
49	Lenovo	thinkstation_p900_firmware
50	Lenovo	thinkstation_p910_firmware
51	Lenovo	63_firmware
52	Lenovo	thinkcentre_e73_firmware
53	Lenovo	thinkcentre_e93_firmware
54	Lenovo	thinkcentre_m600_firmware
55	Lenovo	thinkcentre_m715q_firmware
56	Lenovo	thinkcentre_m73_firmware
57	Lenovo	thinkcentre_m79_firmware
58	Lenovo	thinkcentre_m83_firmware
59	Lenovo	thinkcentre_m93p_firmware
60	Lenovo	thinkcentre_e75_t\/s_firmware
61	Lenovo	thinkcentre_m6500t\/s_firmware
62	Lenovo	thinkcentre_m8500t\/s_firmware
63	Lenovo	thinkserver_rd340_firmware
64	Lenovo	thinkserver_rd440_firmware
65	Lenovo	thinkserver_rd540_firmware
66	Lenovo	thinkserver_rd640_firmware
67	Lenovo	thinkserver_rq750_firmware
68	Lenovo	thinkserver_td340_firmware
69	Lenovo	h50-30g_firmware
70	Lenovo	thinkcentre_m6600t\/s_firmware
71	Lenovo	thinkcentre_m710t\/s_firmware
72	Lenovo	thinkcentre_m8600t\/s_firmware
73	Lenovo	thinkserver_ts140_firmware
74	Lenovo	thinkserver_ts150_firmware
75	Lenovo	thinkserver_ts240_firmware
76	Lenovo	thinkserver_ts250_firmware
77	Lenovo	thinkserver_ts450_firmware
78	Lenovo	thinkserver_ts550_firmware
79	Lenovo	thinkcentre_m700_firmware
80	Lenovo	s500_firmware
81	Lenovo	v320-15iap_firmware
82	Lenovo	thinkcentre_e79_firmware
83	Lenovo	thinkcentre_m4500t\/s_firmware
84	Lenovo	thinkcentre_m4600t\/s_firmware
85	Lenovo	thinkcentre_m72e_firmware
86	Lenovo	thinkcentre_m910t\/s_firmware
87	Lenovo	thinkcentre_m92_firmware
88	Lenovo	thinkcentre_m92p_firmware
89	Lenovo	yangtian_mc_carrizo-l_firmware
90	Lenovo	yangtian_mc_godavari_firmware
91	Lenovo	yangtian_mf\/wf_h81_firmware
92	Lenovo	ideacentre_510s-23isu_firmware
93	Lenovo	s200z_firmware
94	Lenovo	thinkcentre_e73z_\(aio\)_firmware
95	Lenovo	thinkcentre_e93z_\(aio\)_firmware
96	Lenovo	thinkcentre_edge_62z_firmware
97	Lenovo	thinkcentre_m7200z_firmware
98	Lenovo	thinkcentre_m7250z_firmware
99	Lenovo	thinkcentre_m73z_\(aio\)_firmware
100	Lenovo	thinkcentre_m8200z_firmware
101	Lenovo	thinkcentre_m8250z_firmware
102	Lenovo	yangtian_s3040_firmware
103	Lenovo	yangtian_s800_firmware
104	Lenovo	thinkserver_rs140_firmware
105	Lenovo	thinkstation_c30_\(1136\)_firmware
106	Lenovo	thinkstation_d30_\(4353\)_firmware
107	Lenovo	thinkstation_e31_firmware
108	Lenovo	thinkstation_s30_\(4351\)_firmware
109	Lenovo	thinkstation_c30_\(1137\)_firmware
110	Lenovo	thinkstation_s30_\(4352\)_firmware
111	Lenovo	thinkstation_d30_\(4354\)_firmware

: Total Affected Vendor : 1 | Products : 111

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-3753.

URL	Resource
https://support.lenovo.com/us/en/product_security/LEN-14695	Mitigation Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-3753 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-3753 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Aug. 29, 2017

Action	Type	Old Value	New Value
Added	CVSS V2		(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Added	CVSS V3		AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://support.lenovo.com/us/en/product_security/LEN-14695 No Types Assigned	https://support.lenovo.com/us/en/product_security/LEN-14695 Mitigation, Vendor Advisory
Added	CWE		CWE-94
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:ideacentre_300-20ish_firmware:-::::::: OR cpe:2.3:h:lenovo:ideacentre_300-20ish:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:ideacentre_300s-11ish_firmware:-::::::: OR cpe:2.3:h:lenovo:ideacentre_300s-11ish:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:ideacentre_510s-08ish_firmware:-::::::: OR cpe:2.3:h:lenovo:ideacentre_510s-08ish:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:ideacentre_700_firmware:-::::::: OR cpe:2.3:h:lenovo:ideacentre_700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:63_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:63:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:h50-30g_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:h50-30g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:m4500_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:m4500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:m4500_id_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:m4500_id:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:m4550_id_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:m4550_id:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:s500_firmware:m0kkt24a::::::: OR cpe:2.3:h:lenovo:s500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:v320-15iap_firmware:-::::::: OR cpe:2.3:h:lenovo:v320-15iap:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e73_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e73:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e73s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e74_firmware:m05kt54a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e74:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e74s_firmware:m05kt54a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e74s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e75_t\/s_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_e75_t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e79_firmware:m0lkt12a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e79:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e93_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e93:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m4500k:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:fhkt66a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m4500q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m4500t\/s_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m4500t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m4600t\/s_firmware:m05kt54a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m4600t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m600_firmware:m00kt44a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m610_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m610:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m6500t\/s_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m6500t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m6600_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m6600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m6600q_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m6600q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m6600t\/s_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m6600t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m700_firmware:m05kt54a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m710t\/s_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m710t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m715q_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m715q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m72e_firmware:f1kt71a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m72e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m73_firmware:fckt78a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m73:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m73p_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m73p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m79_firmware:m0lkt12a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m79:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m800_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m800:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m83_firmware:fbktcga::::::: OR cpe:2.3:h:lenovo:thinkcentre_m83:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8500t\/s_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8500t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8600t\/s_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8600t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m900_firmware:fwkt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m900:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m910t\/s_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m910t\/s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m910q_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m910q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m910x_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m910x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m92_firmware:9skt95a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m92:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m92p_firmware:9skt95a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m92p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m93_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m93:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m93p_firmware:fbktc5a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m93p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_afh110_firmware:m05kt73a::::::: OR cpe:2.3:h:lenovo:yangtian_afh110:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_afh81_firmware:fckt80a::::::: OR cpe:2.3:h:lenovo:yangtian_afh81:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_afq150_firmware:fwkt57a::::::: OR cpe:2.3:h:lenovo:yangtian_afq150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_mc_carrizo-l_firmware:-::::::: OR cpe:2.3:h:lenovo:yangtian_mc_carrizo-l:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_mc_godavari_firmware:m0lkt13a::::::: OR cpe:2.3:h:lenovo:yangtian_mc_godavari:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_mc_h110_firmware:m05kt61a::::::: OR cpe:2.3:h:lenovo:yangtian_mc_h110:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_mc_h81_firmware:fckt80a::::::: OR cpe:2.3:h:lenovo:yangtian_mc_h81:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_me\/we_h110_firmware:m05kt61a::::::: OR cpe:2.3:h:lenovo:yangtian_mc_h110:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_mf\/wf_h81_firmware:fckt80a::::::: OR cpe:2.3:h:lenovo:yangtian_mf\/wf_h81:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:ideacentre_510s-23isu_firmware:o2ekt24a::::::: OR cpe:2.3:h:lenovo:ideacentre_510s-23isu:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:s200z_firmware:m09kt33a::::::: OR cpe:2.3:h:lenovo:s200z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e73z_\(aio\)_firmware:fgkt49a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e73z_\(aio\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e74z_firmware:fvkt48a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e74z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_e93z_\(aio\)_firmware:ffkt43a::::::: OR cpe:2.3:h:lenovo:thinkcentre_e93z_\(aio\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_edge_62z_firmware:f8kt40a::::::: OR cpe:2.3:h:lenovo:thinkcentre_edge_62z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m700z_firmware:fvkt48a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m700z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m7200z_firmware:fgkt46a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m7200z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m7250z_firmware:fgkt46a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m7250z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m7300z_firmware:fvkt42a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m7300z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m73z_\(aio\)_firmware:fgkt46a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m73z_\(aio\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m800z_firmware:fvkt42a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m800z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m810z_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkcentre_m810z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8200z_firmware:fgkt46a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8200z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8250z_firmware:fgkt46a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8250z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8300z_firmware:fvkt42a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8300z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m8350z_firmware:fvkt42a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m8350z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m83z_\(aio\)_firmware:fvkt42a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m83z_\(aio\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m900z_firmware:fukt39a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m900z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m9500z_firmware:fukt44a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m9500z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_m9550z_firmware:fukt44a::::::: OR cpe:2.3:h:lenovo:thinkcentre_m9550z:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkcentre_x1_aio_firmware:m0hkt32a::::::: OR cpe:2.3:h:lenovo:thinkcentre_x1_aio:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_s3040_firmware:fgkt49a::::::: OR cpe:2.3:h:lenovo:yangtian_s3040:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:yangtian_s800_firmware:ffkt43a::::::: OR cpe:2.3:h:lenovo:yangtian_s3040:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rd340_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkserver_rd340:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rd440_firmware:a0tsb5a::::::: OR cpe:2.3:h:lenovo:thinkserver_rd440:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rd540_firmware:a1tsb5a::::::: OR cpe:2.3:h:lenovo:thinkserver_rd540:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rd640_firmware:a1tsb5a::::::: OR cpe:2.3:h:lenovo:thinkserver_rd540:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rq750_firmware:7.05::::::: OR cpe:2.3:h:lenovo:thinkserver_rq750:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_rs140_firmware:fbkt91c::::::: OR cpe:2.3:h:lenovo:thinkserver_rs140:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_td340_firmware:a3tsb5a::::::: OR cpe:2.3:h:lenovo:thinkserver_td340:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts140_firmware:fbktc3a::::::: OR cpe:2.3:h:lenovo:thinkserver_ts140:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts150_firmware:fbktc3a::::::: OR cpe:2.3:h:lenovo:thinkserver_ts150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts240_firmware:fbktc3a::::::: OR cpe:2.3:h:lenovo:thinkserver_ts240:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts250_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkserver_ts250:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts450_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkserver_ts450:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkserver_ts550_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkserver_ts550:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_c30_\(1136\)_firmware:a1kt57a::::::: OR cpe:2.3:h:lenovo:thinkstation_c30_\(1136\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_d30_\(4353\)_firmware:a3kt57a::::::: OR cpe:2.3:h:lenovo:thinkstation_d30_\(4353\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_e31_firmware:9skt97a::::::: OR cpe:2.3:h:lenovo:thinkstation_e31:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_e32_firmware:fbktc6a::::::: OR cpe:2.3:h:lenovo:thinkstation_e32:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p300_firmware:fbktc6a::::::: OR cpe:2.3:h:lenovo:thinkstation_p300:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p310_firmware:fwkt57a::::::: OR cpe:2.3:h:lenovo:thinkstation_p310:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p320_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkstation_p320:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p410_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkstation_p410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p500_firmware:a4kt86a::::::: OR cpe:2.3:h:lenovo:thinkstation_p500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p510_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkstation_p510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p700_firmware:a5kt86a::::::: OR cpe:2.3:h:lenovo:thinkstation_p700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p710_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkstation_p710:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p900_firmware:a6kt86a::::::: OR cpe:2.3:h:lenovo:thinkstation_p900:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_p910_firmware:-::::::: OR cpe:2.3:h:lenovo:thinkstation_p910:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_s30_\(4351\)_firmware:a2kt54a::::::: OR cpe:2.3:h:lenovo:thinkstation_s30_\(4351\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_c30_\(1137\)_firmware:a1kt57a::::::: OR cpe:2.3:h:lenovo:thinkstation_c30_\(1137\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_s30_\(4352\)_firmware:a2kt54a::::::: OR cpe:2.3:h:lenovo:thinkstation_s30_\(4352\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkstation_d30_\(4354\)_firmware:a3kt57a::::::: OR cpe:2.3:h:lenovo:thinkstation_d30_\(4354\):-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2017-3753 is associated with the following CWEs:

CWE-94: Improper Control of Generation of Code ('Code Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2017-3753 weaknesses.

CAPEC-35: Leverage Executable Code in Non-Executable Files Leverage Executable Code in Non-Executable Files CAPEC-77: Manipulating User-Controlled Variables Manipulating User-Controlled Variables CAPEC-242: Code Injection Code Injection

CVE-2017-3753

Lenovo AMI UEFI Bypass

Description

INFO

Aug. 10, 2017, 12:29 a.m.

Aug. 29, 2017, 3:38 p.m.

[email protected]

No

5.9

0.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.07 }} 0.01%

0.28839

CVSS30 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable