CVE-2017-3748

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-3748
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securityfocus.com/bid/99295 Third Party Advisory VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-15823 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
OR cpe:2.3:h:lenovo:vibe_a1600:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2560:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2800:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2860:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a2880:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3000:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3500:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3600-d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3600u:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3800-d:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a3900:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6000:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6000-i:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6020i37:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6600:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_a6800:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k30-e:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k30-w-cu:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k32c30:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:vibe_k80m:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2017-06-29 15:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-3748

Mitre link : CVE-2017-3748

CVE.ORG link : CVE-2017-3748

JSON object : View

Products Affected

lenovo

  • vibe_a6600
  • vibe_a1600
  • vibe_a2560
  • vibe_a3000
  • vibe_k30-e
  • vibe_a3600u
  • vibe_a3900
  • vibe_a2880
  • vibe_a3600-d
  • vibe_k30-w-cu
  • vibe_k32c30
  • vibe_a6000-i
  • vibe_a6020i37
  • vibe_a2800
  • vibe_a6000
  • vibe_a3800-d
  • vibe_a6800
  • vibe_a3500
  • vibe_a2860
  • vibe_k80m

google

  • android
CWE
NVD-CWE-noinfo