CVE-2017-3744
Summary
| CVE | CVE-2017-3744 |
|---|---|
| State | PUBLISHED |
| Assigner | lenovo |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-20 00:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. |
Risk And Classification
Primary CVSS: v3.0 6.5 MEDIUM from [email protected]
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Problem Types: CWE-532 | Disclosure of login credentials to user with local privileges
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 2.0 | [email protected] | Primary | 4 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:S/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | Bladecenter Hs22 | - | All | All | All |
| Hardware | Ibm | Bladecenter Hs23 | - | All | All | All |
| Hardware | Ibm | Bladecenter Hs23e | - | All | All | All |
| Hardware | Ibm | Flex System X220 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X222 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X240 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X280 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X440 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X480 M4 | - | All | All | All |
| Hardware | Ibm | Flex System X880 M4 | - | All | All | All |
| Hardware | Ibm | Idataplex Dx360 M4 | - | All | All | All |
| Hardware | Ibm | Idataplex Dx360 M4 Water Cooled | - | All | All | All |
| Operating System | Ibm | Integrated Management Module Firmware | All | All | All | All |
| Hardware | Ibm | Nextscale Nx360 M4 | - | All | All | All |
| Hardware | Ibm | System X3100 M4 | - | All | All | All |
| Hardware | Ibm | System X3100 M5 | - | All | All | All |
| Hardware | Ibm | System X3250 M4 | - | All | All | All |
| Hardware | Ibm | System X3250 M5 | - | All | All | All |
| Hardware | Ibm | System X3300 M4 | - | All | All | All |
| Hardware | Ibm | System X3500 M4 | - | All | All | All |
| Hardware | Ibm | System X3530 M4 | - | All | All | All |
| Hardware | Ibm | System X3550 M4 | - | All | All | All |
| Hardware | Ibm | System X3630 M4 | - | All | All | All |
| Hardware | Ibm | System X3650 M4 | - | All | All | All |
| Hardware | Ibm | System X3650 M4 Bd | - | All | All | All |
| Hardware | Ibm | System X3650 M4 Hd | - | All | All | All |
| Hardware | Ibm | System X3750 M4 | - | All | All | All |
| Hardware | Ibm | System X3850 X6 | - | All | All | All |
| Hardware | Ibm | System X3950 X6 | - | All | All | All |
| Hardware | Lenovo | Flex System X240 M4 | - | All | All | All |
| Hardware | Lenovo | Flex System X240 M5 | - | All | All | All |
| Hardware | Lenovo | Flex System X280 X6 | - | All | All | All |
| Hardware | Lenovo | Flex System X440 M4 | - | All | All | All |
| Hardware | Lenovo | Flex System X480 X6 | - | All | All | All |
| Hardware | Lenovo | Flex System X880 | - | All | All | All |
| Operating System | Lenovo | Integrated Management Module Firmware | All | All | All | All |
| Hardware | Lenovo | Nextscale Nx360 M5 | - | All | All | All |
| Hardware | Lenovo | System X3250 M6 | - | All | All | All |
| Hardware | Lenovo | System X3500 M5 | - | All | All | All |
| Hardware | Lenovo | System X3550 M5 | - | All | All | All |
| Hardware | Lenovo | System X3650 M5 | - | All | All | All |
| Hardware | Lenovo | System X3750 M4 | - | All | All | All |
| Hardware | Lenovo | System X3850 X6 | - | All | All | All |
| Hardware | Lenovo | System X3950 X6 | - | All | All | All |
| Hardware | Lenovo | Thinkagile Cx2200 | - | All | All | All |
| Hardware | Lenovo | Thinkagile Cx4200 | - | All | All | All |
| Hardware | Lenovo | Thinkagile Cx4600 | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Lenovo Group Ltd. | Lenovo System X IMM2 | affected Lenovo System x IMM2 firmware versions earlier than 4.10 and IBM System x IMM2 firmware versions earlier than 6.20 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Login information processed by the IMM2 may be exposed to local IMM2 users - Lenovo Support US | af854a3a-2127-422b-91ae-364da2661108 | support.lenovo.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.