CVE-2017-3742 - OpenCVE

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Lenovo	Connect2
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-14398

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-07-17T19:00:00Z

Updated: 2024-09-16T19:51:52.104Z

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3742

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-07-17T19:29:00.277

Modified: 2017-07-27T01:30:57.747

Link: CVE-2017-3742

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Lenovo Connect2", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android."}]}], "datePublic": "2017-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems."}], "problemTypes": [{"descriptions": [{"description": "Disclosure of ad-hoc wifi network key stored in user-readable location", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-17T18:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14398"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-3742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo Connect2", "version": {"version_data": [{"version_value": "Earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android."}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Disclosure of ad-hoc wifi network key stored in user-readable location"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-14398", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-14398"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:40.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14398"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3742", "datePublished": "2017-07-17T19:00:00Z", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-09-16T19:51:52.104Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D397211-B783-40B4-83C7-C01825D6C112", "versionEndIncluding": "4.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D397211-B783-40B4-83C7-C01825D6C112", "versionEndIncluding": "4.2.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems."}, {"lang": "es", "value": "En las versiones de Lenovo Connect2 anteriores a 4.2.5.4885 para Windows y versi\u00f3n 4.2.5.3071 para Android, cuando una conexi\u00f3n ad-hoc se realiza entre dos sistemas con el fin de compartir archivos, la contrase\u00f1a de esta conexi\u00f3n ad-hoc ser\u00e1 almacenada en una ubicaci\u00f3n legible por el usuario. Un atacante con acceso de lectura al contenido del usuario podr\u00eda conectarse al punto de acceso Connect2 y visualizar el contenido de los archivos mientras estos son transferidos entre los dos sistemas."}], "id": "CVE-2017-3742", "lastModified": "2017-07-27T01:30:57.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T19:29:00.277", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-14398"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}