CVE-2017-3740

moderate-risk

Published 2017-06-04

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Do I need to act?

-

0.13% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Active Protection System

Affected Vendors

Lenovo

References (2)

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-13637

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-13637

44

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 25/34 · High