CVE-2017-3753

Severity: Unknown | EPSS: 0.52%

CVE-2017-3753 is a vulnerability of currently unknown severity. A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Metrics

CVSS 3.0
/10
EPSS Probability: 0.52% (40.0th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Ideacentre 300-20ish Firmware | All versions |
| Lenovo | Ideacentre 300s-11ish Firmware | All versions |
| Lenovo | Ideacentre 510s-08ish Firmware | All versions |
| Lenovo | Ideacentre 700 Firmware | All versions |
| Lenovo | 63 Firmware | fckt78a |
| Lenovo | H50-30g Firmware | fckt78a |
| Lenovo | M4500 Firmware | fckt78a |
| Lenovo | M4500 Id Firmware | fckt78a |
| Lenovo | M4550 Id Firmware | fckt78a |
| Lenovo | S500 Firmware | m0kkt24a |
| Lenovo | V320-15iap Firmware | All versions |
| Lenovo | Thinkcentre E73 Firmware | fckt78a |
| Lenovo | Thinkcentre E73s Firmware | fckt78a |
| Lenovo | Thinkcentre E74 Firmware | m05kt54a |
| Lenovo | Thinkcentre E74s Firmware | m05kt54a |
| Lenovo | Thinkcentre E75 T/S Firmware | All versions |
| Lenovo | Thinkcentre E79 Firmware | m0lkt12a |
| Lenovo | Thinkcentre E93 Firmware | fbktc5a |
| Lenovo | Thinkcentre M4500k Firmware | fckt78a |
| Lenovo | Thinkcentre M4500q Firmware | fhkt66a |
| Lenovo | Thinkcentre M4500t/S Firmware | fckt78a |
| Lenovo | Thinkcentre M4600t/S Firmware | m05kt54a |
| Lenovo | Thinkcentre M600 Firmware | m00kt44a |
| Lenovo | Thinkcentre M610 Firmware | All versions |
| Lenovo | Thinkcentre M6500t/S Firmware | fbktc5a |
| Lenovo | Thinkcentre M6600 Firmware | fwkt39a |
| Lenovo | Thinkcentre M6600q Firmware | fwkt39a |
| Lenovo | Thinkcentre M6600t/S Firmware | fwkt39a |
| Lenovo | Thinkcentre M700 Firmware | m05kt54a |
| Lenovo | Thinkcentre M710t/S Firmware | All versions |
| Lenovo | Thinkcentre M715q Firmware | All versions |
| Lenovo | Thinkcentre M72e Firmware | f1kt71a |
| Lenovo | Thinkcentre M73 Firmware | fckt78a |
| Lenovo | Thinkcentre M73p Firmware | fbktc5a |
| Lenovo | Thinkcentre M79 Firmware | m0lkt12a |
| Lenovo | Thinkcentre M800 Firmware | fwkt39a |
| Lenovo | Thinkcentre M83 Firmware | fbktcga |
| Lenovo | Thinkcentre M8500t/S Firmware | fbktc5a |
| Lenovo | Thinkcentre M8600t/S Firmware | fwkt39a |
| Lenovo | Thinkcentre M900 Firmware | fwkt39a |
| Lenovo | Thinkcentre M910t/S Firmware | All versions |
| Lenovo | Thinkcentre M910q Firmware | All versions |
| Lenovo | Thinkcentre M910x Firmware | All versions |
| Lenovo | Thinkcentre M92 Firmware | 9skt95a |
| Lenovo | Thinkcentre M92p Firmware | 9skt95a |
| Lenovo | Thinkcentre M93 Firmware | fbktc5a |
| Lenovo | Thinkcentre M93p Firmware | fbktc5a |
| Lenovo | Yangtian Afh110 Firmware | m05kt73a |
| Lenovo | Yangtian Afh81 Firmware | fckt80a |
| Lenovo | Yangtian Afq150 Firmware | fwkt57a |

Showing 50 of 111 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2017-3753?
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
How severe is CVE-2017-3753?
Severity scoring for CVE-2017-3753 is pending analysis. The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.
How do I fix CVE-2017-3753?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST