Vulnerabilities > CVE-2017-3740 - Unspecified vulnerability in Lenovo Active Protection System

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

lenovo

NVD

Published: 2017-06-04

Updated: 2019-10-03

Summary

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Vulnerable Configurations

Part	Description	Count
Application	Lenovo Lenovo Active Protection System 1.00B Lenovo Active Protection System 1.01B Lenovo Active Protection System 1.20B Lenovo Active Protection System 1.21 Lenovo Active Protection System 1.22 Lenovo Active Protection System 1.23 Lenovo Active Protection System 1.30B Lenovo Active Protection System 1.31 Lenovo Active Protection System 1.32 Lenovo Active Protection System 1.33B Lenovo Active Protection System 1.34 Lenovo Active Protection System 1.40 Lenovo Active Protection System 1.41 Lenovo Active Protection System 1.50 Lenovo Active Protection System 1.51 Lenovo Active Protection System 1.52 Lenovo Active Protection System 1.53 Lenovo Active Protection System 1.54 Lenovo Active Protection System 1.61 Lenovo Active Protection System 1.62 Lenovo Active Protection System 1.63 Lenovo Active Protection System 1.64 Lenovo Active Protection System 1.70 Lenovo Active Protection System 1.71 Lenovo Active Protection System 1.72 Lenovo Active Protection System 1.73 Lenovo Active Protection System 1.74 Lenovo Active Protection System 1.75 Lenovo Active Protection System 1.76 Lenovo Active Protection System 1.77.0.5 Lenovo Active Protection System 1.77.0.7 Lenovo Active Protection System 1.77.0.8 Lenovo Active Protection System 1.77.0.9 Lenovo Active Protection System 1.77.0.11 Lenovo Active Protection System 1.77.0.20 Lenovo Active Protection System 1.77.0.26 Lenovo Active Protection System 1.78.0.09 Lenovo Active Protection System 1.78.0.10 Lenovo Active Protection System 1.78.0.11 Lenovo Active Protection System 1.79.0.03 Lenovo Active Protection System 1.80.1.00 Lenovo Active Protection System 1.80.3.00 Lenovo Active Protection System 1.80.8.00 Lenovo Active Protection System 1.80.11.00 Lenovo Active Protection System 1.81.0.08 Lenovo Active Protection System 1.82.0.03 Lenovo Active Protection System 1.82.0.06 Lenovo Active Protection System 1.82.0.07 Lenovo Active Protection System 1.82.0.10	49

References

https://support.lenovo.com/us/en/product_security/LEN-13637