What is CVE-2017-3756?

CVE-2017-3756 is a high-severity vulnerability in Lenovo Thinkpad_10_ella_2. CVSS score: 7.8/10. Published 2017-08-18.

How severe is CVE-2017-3756?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Lenovo Thinkpad_10_ella_2

CVE-2017-3756

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquote…

EPSS: 0.004 (29.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad_10_ella_2
Lenovo Thinkpad_10_ella_2_bios
Lenovo Thinkpad_11e_beema
Lenovo Thinkpad_11e_beema_bios
Lenovo Thinkpad_11e_braswell
Lenovo Thinkpad_11e_braswell_bios
Lenovo Thinkpad_11e_broadwell
Lenovo Thinkpad_11e_broadwell_bios
Lenovo Thinkpad_11e_skylake
Lenovo Thinkpad_11e_skylake_bios

References

psirt@lenovo.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@lenovo.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-3756?: CVE-2017-3756 is a high-severity vulnerability in Lenovo Thinkpad_10_ella_2. CVSS score: 7.8/10. Published 2017-08-18.
How severe is CVE-2017-3756?: High severity. CVSS v3 base score is 7.8 out of 10.