Multiple Lenovo System x Servers CVE-2017-3775 Local Authentication Bypass Vulnerability

Bugtraq ID:	104275
Class:	Design Error
CVE:	CVE-2017-3775
Remote:	No
Local:	Yes
Published:	May 03 2018 12:00AM
Updated:	May 03 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Lenovo System x3950 X6 0 Lenovo System x3850 X6 0 Lenovo System x3650 M5 0 Lenovo System x3550 M5 0 Lenovo System x3500 M5 0 Lenovo System x3250 M6 0 Lenovo NeXtScale nx360 M5 0 Lenovo Flex System x880 0 Lenovo Flex System x480 X6 0 Lenovo Flex System x280 X6 0 Lenovo Flex System x240 M5 0
Not Vulnerable:	Lenovo System x3950 X6 4.3 Lenovo System x3850 X6 4.3 Lenovo System x3650 M5 2.61 Lenovo System x3550 M5 2.61 Lenovo System x3500 M5 2.61 Lenovo System x3250 M6 2.23 Lenovo NeXtScale nx360 M5 2.61 Lenovo Flex System x880 4.21 Lenovo Flex System x480 X6 4.21 Lenovo Flex System x280 X6 4.21 Lenovo Flex System x240 M5 2.61

Multiple Lenovo System x Servers CVE-2017-3775 Local Authentication Bypass Vulnerability

Multiple Lenovo System x Servers are prone to a local authentication-bypass vulnerability.

An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.

Multiple Lenovo System x Servers CVE-2017-3775 Local Authentication Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Lenovo System x Servers CVE-2017-3775 Local Authentication Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple Lenovo System x Servers CVE-2017-3775 Local Authentication Bypass Vulnerability

References:

• Lenovo Homepage (lenovo)
  
• System x Secure Boot Vulnerability (Lenovo)