CVE-2017-3746 - OpenCVE

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad Usb 3.0 Ethernet Adapter Driver

Configuration 1 [-]

cpe:2.3:a:lenovo:thinkpad_usb_3.0_ethernet_adapter_driver:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/100520	Third Party Advisory VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-9896	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2017-08-24T00:00:00

Updated: 2017-08-31T09:57:01

Reserved: 2016-12-16T00:00:00

Link: CVE-2017-3746

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-08-29T01:35:13.767

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-3746

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "ThinkPad USB 3.0 Ethernet Adapter Driver", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "various versions"}]}], "datePublic": "2017-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-9896"}, {"name": "100520", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100520"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-08-24T00:00:00", "ID": "CVE-2017-3746", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ThinkPad USB 3.0 Ethernet Adapter Driver", "version": {"version_data": [{"version_value": "various versions"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-9896", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-9896"}, {"name": "100520", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100520"}]}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3746", "datePublished": "2017-08-24T00:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2017-08-31T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:thinkpad_usb_3.0_ethernet_adapter_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "70F8C4C6-25FB-4B50-9E77-C194974306F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges."}, {"lang": "es", "value": "El controlador de ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405), en varias versiones, contiene una vulnerabilidad de escalado de privilegios que podr\u00eda permitir que un usuario local ejecute c\u00f3digo arbitrario con privilegios de nivel administrativo o de sistema."}], "id": "CVE-2017-3746", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-29T01:35:13.767", "references": [{"source": "psirt@lenovo.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100520"}, {"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-9896"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}