CVE-2017-3746

{"id": "CVE-2017-3746", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-08-29T01:35:13.767", "references": [{"url": "http://www.securityfocus.com/bid/100520", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-9896", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "http://www.securityfocus.com/bid/100520", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-9896", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges."}, {"lang": "es", "value": "El controlador de ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405), en varias versiones, contiene una vulnerabilidad de escalado de privilegios que podr\u00eda permitir que un usuario local ejecute c\u00f3digo arbitrario con privilegios de nivel administrativo o de sistema."}], "lastModified": "2024-11-21T03:26:03.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:thinkpad_usb_3.0_ethernet_adapter_driver:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F8C4C6-25FB-4B50-9E77-C194974306F2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@lenovo.com"}