{"containers": {"cna": {"affected": [{"product": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", "vendor": "Lenovo Group Ltd.", "versions": [{"status": "affected", "version": "Earlier than 6.0"}]}], "datePublic": "2017-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-29T14:57:01", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2017-06-28T00:00:00", "ID": "CVE-2017-3749", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", "version": {"version_data": [{"version_value": "Earlier than 6.0"}]}}]}, "vendor_name": "Lenovo Group Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-15823", "refsource": "CONFIRM", "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"}]}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2017-3749", "datePublished": "2017-06-28T00:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2017-06-29T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "B349128A-CD08-4B2B-975B-650831183DBE", "versionEndIncluding": "5.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:vibe_a1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF657581-9D69-4310-AE50-BE48CA5D4CB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a2560:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CFB6B14-B5BB-48AB-92CB-CF7487512DC5", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "325AC02E-E178-40D9-90D0-4E79843290B9", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a2860:-:*:*:*:*:*:*:*", "matchCriteriaId": "339FC9D6-19B2-4B91-B899-00E5E277B303", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a2880:-:*:*:*:*:*:*:*", "matchCriteriaId": "06D59E67-2F49-4B3F-9437-94C7140BCF31", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBAF531-27D5-44D6-9EEC-BA86172290E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D7D1D8F-70CB-4B2F-BC7D-1B10E7EB2077", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3600-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F2F72DE-F368-4A03-BFA4-56B9FA4938AF", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3600u:-:*:*:*:*:*:*:*", "matchCriteriaId": "6401481C-49A1-4886-80B8-E14569D77DA4", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3800-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "31FDA3C7-BC99-45A5-AE81-46DA8FA579C7", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a3900:-:*:*:*:*:*:*:*", "matchCriteriaId": "65E0F862-F45A-46CA-941A-99ED0FFF4272", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "32979F5A-1DD6-42A9-9E10-E34CFFC96626", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a6000-i:-:*:*:*:*:*:*:*", "matchCriteriaId": "898242F7-7C48-4439-8520-A0680EFD9FCD", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a6020i37:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC57159C-1E88-43AB-A56E-66CA3AD171EE", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a6600:-:*:*:*:*:*:*:*", "matchCriteriaId": "83D6A8C1-E7E2-449F-8F6C-02993935E3CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_a6800:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADEF9C5D-A634-4E0D-AD7A-7F84BD7EF0CC", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_k30-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "72AFFC5D-B159-4A7A-A482-455260883DC2", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_k30-w-cu:-:*:*:*:*:*:*:*", "matchCriteriaId": "B75A5EB3-6E3D-42D5-98E5-E0523342C11A", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_k32c30:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E8E4082-C625-4CC2-BD8E-3D8DD26FC5F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:lenovo:vibe_k80m:-:*:*:*:*:*:*:*", "matchCriteriaId": "AECF65FF-B344-446E-B303-BDB58FFC7290", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750."}, {"lang": "es", "value": "En los tel\u00e9fonos m\u00f3viles Lenovo VIBE, la aplicaci\u00f3n de Android Idea Friend permite que los datos privados se copien y restauren mediante Android Debug Bridge, lo que permite la falsificaci\u00f3n que conduce a un escalado de privilegios junto con CVE-2017-3748 y CVE-2017-3750."}], "id": "CVE-2017-3749", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-29T15:29:00.237", "references": [{"source": "psirt@lenovo.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-15823"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}