CVE-2017-3771 - OpenCVE

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Aio E95 Aio E95 Firmware Thinkcentre M710s Thinkcentre M710s Firmware Thinkcentre M710t Thinkcentre M710t Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m710s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkcentre_m710t:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:aio_e95_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:aio_e95:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-17417

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2017-10-26T17:00:00

Updated: 2024-08-05T14:39:40.932Z

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3771

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-26T17:29:00.453

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-3771

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "E95, ThinkCentre M710s/M710t", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Earlier than 1.3.2"}]}], "datePublic": "2017-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."}], "problemTypes": [{"descriptions": [{"description": "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-26T16:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-17417"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2017-3771", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "E95, ThinkCentre M710s/M710t", "version": {"version_data": [{"version_value": "Earlier than 1.3.2"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-17417", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-17417"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:40.932Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-17417"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3771", "datePublished": "2017-10-26T17:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-05T14:39:40.932Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFF5309A-4F76-49B6-A1D0-C1F140094B2C", "versionEndExcluding": "m16kt40a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkcentre_m710s:-:*:*:*:*:*:*:*", "matchCriteriaId": "226E471D-D956-4F0A-8B5F-4D12ACB840DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "290AB415-0743-4A82-9D18-C673AC64E8C7", "versionEndExcluding": "m16kt40a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkcentre_m710t:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D36621-D244-4A52-A229-3BDF001E8527", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:aio_e95_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "913D227D-10A0-4E36-A256-24A855F5459B", "versionEndExcluding": "m16kt40a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:aio_e95:-:*:*:*:*:*:*:*", "matchCriteriaId": "5250500A-6D1F-456D-8844-0B6E2CB7E8B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."}, {"lang": "es", "value": "No se ha asegurado adecuadamente el proceso de arranque del sistema en Lenovo E95 y ThinkCentre M710s/M710t debido a que los sistemas sal\u00edan de f\u00e1brica sin haber completado el proceso de inicializaci\u00f3n BIOS/UEFI."}], "id": "CVE-2017-3771", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-26T17:29:00.453", "references": [{"source": "psirt@lenovo.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-17417"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}