What is CVE-2017-3753?

CVE-2017-3753 is a medium-severity vulnerability in Lenovo 63, classified under Code Injection. CVSS score: 6.8/10. Published 2017-08-10.

How severe is CVE-2017-3753?

Medium severity. CVSS v3 base score is 6.8 out of 10.

RCE in Lenovo 63

CVE-2017-3753

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical acce…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (39.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo 63
Lenovo 63_firmware — versions fckt78a
Lenovo H50-30g
Lenovo H50-30g_firmware — versions fckt78a
Lenovo Ideacentre_300-20ish
Lenovo Ideacentre_300-20ish_firmware
Lenovo Ideacentre_300s-11ish
Lenovo Ideacentre_300s-11ish_firmware
Lenovo Ideacentre_510s-08ish
Lenovo Ideacentre_510s-08ish_firmware

Weakness classification (CWE)

CWE-94 — Code Injection

References

psirt@lenovo.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2017-3753?: CVE-2017-3753 is a medium-severity vulnerability in Lenovo 63, classified under Code Injection. CVSS score: 6.8/10. Published 2017-08-10.
How severe is CVE-2017-3753?: Medium severity. CVSS v3 base score is 6.8 out of 10.