CVE-2017-3754
Summary
| CVE | CVE-2017-3754 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-07-17 19:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Lenovo | 710s-13ikb/xiaoxin Air 13ikb | - | All | All | All |
| Hardware | Lenovo | 710s-13ikb/xiaoxin Air 13ikb | - | All | All | All |
| Hardware | Lenovo | 710s-13ikb/xiaoxin Air 13ikb | - | All | All | All |
| Hardware | Lenovo | 710s-13isk/xiaoxin Air 13 | - | All | All | All |
| Hardware | Lenovo | 710s-13isk/xiaoxin Air 13 | - | All | All | All |
| Hardware | Lenovo | 710s-13isk/xiaoxin Air 13 | - | All | All | All |
| Operating System | Lenovo | Bios | - | All | All | All |
| Operating System | Lenovo | Bios | - | All | All | All |
| Hardware | Lenovo | K21-80 | - | All | All | All |
| Hardware | Lenovo | K21-80 | - | All | All | All |
| Hardware | Lenovo | K22-80/lenovo V720-12 | - | All | All | All |
| Hardware | Lenovo | K22-80/lenovo V720-12 | - | All | All | All |
| Hardware | Lenovo | K22-80/lenovo V720-12 | - | All | All | All |
| Hardware | Lenovo | K41-80 | - | All | All | All |
| Hardware | Lenovo | K41-80 | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 110-14ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 110-14ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 110-15ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 110-15ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 320-14ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 320-14ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 320-15ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Ideapad 320-15ast | - | All | All | All |
| Hardware | Lenovo | Lenovo Xiaoxin Rui7000 | - | All | All | All |
| Hardware | Lenovo | Lenovo Xiaoxin Rui7000 | - | All | All | All |
| Hardware | Lenovo | Miix 710-12ikb | - | All | All | All |
| Hardware | Lenovo | Miix 710-12ikb | - | All | All | All |
| Hardware | Lenovo | Miix 720-12ikb | - | All | All | All |
| Hardware | Lenovo | Miix 720-12ikb | - | All | All | All |
| Hardware | Lenovo | Notebook 320-17ast | - | All | All | All |
| Hardware | Lenovo | Notebook 320-17ast | - | All | All | All |
| Hardware | Lenovo | Rescuer E520-15ikb | - | All | All | All |
| Hardware | Lenovo | Rescuer E520-15ikb | - | All | All | All |
| Hardware | Lenovo | V110-14iap | - | All | All | All |
| Hardware | Lenovo | V110-14iap | - | All | All | All |
| Hardware | Lenovo | V110-15iap | - | All | All | All |
| Hardware | Lenovo | V110-15iap | - | All | All | All |
| Hardware | Lenovo | V110-15ikb | - | All | All | All |
| Hardware | Lenovo | V110-15ikb | - | All | All | All |
| Hardware | Lenovo | V110-15isk | - | All | All | All |
| Hardware | Lenovo | V110-15isk | - | All | All | All |
| Hardware | Lenovo | Yoga 710-11ikb | - | All | All | All |
| Hardware | Lenovo | Yoga 710-11ikb | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Some Lenovo Brand Notebooks Do Not Have BIOS Write Protection Configured - Lenovo Support US | CONFIRM | support.lenovo.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.