CVE-2017-3756

Name: CVE-2017-3756
Creator: NVD / NIST
Published: 2017-08-18T19:29:00.23+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.38%

Last modified Jun 17, 2026

CVE-2017-3756 is a vulnerability of currently unknown severity. A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Metrics

EPSS Probability

0.38%

29.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Lenovo	Thinkpad 10 Ella 2 Bios	All versions
Lenovo	Thinkpad 11e Beema Bios	All versions
Lenovo	Thinkpad 11e Braswell Bios	All versions
Lenovo	Thinkpad 11e Broadwell Bios	All versions
Lenovo	Thinkpad 11e Skylake Bios	All versions
Lenovo	Thinkpad 13e Bios	All versions
Lenovo	Thinkpad E450 Bios	All versions
Lenovo	Thinkpad E450c Bios	All versions
Lenovo	Thinkpad E455 Bios	All versions
Lenovo	Thinkpad E460 Bios	All versions
Lenovo	Thinkpad E465 Bios	All versions
Lenovo	Thinkpad E550 Bios	All versions
Lenovo	Thinkpad E550c Bios	All versions
Lenovo	Thinkpad E555 Bios	All versions
Lenovo	Thinkpad E560 Bios	All versions
Lenovo	Thinkpad E565 Bios	All versions
Lenovo	Thinkpad Edge E440 Bios	All versions
Lenovo	Thinkpad Edge E445 Bios	All versions
Lenovo	Thinkpad Edge E540 Bios	All versions
Lenovo	Thinkpad Edge E545 Bios	All versions
Lenovo	Thinkpad Helix 20cg Bios	All versions
Lenovo	Thinkpad Helix 20ch Bios	All versions
Lenovo	Thinkpad L440 Bios	All versions
Lenovo	Thinkpad L450 Bios	All versions
Lenovo	Thinkpad L460 Bios	All versions
Lenovo	Thinkpad L540 Bios	All versions
Lenovo	Thinkpad L560 Bios	All versions
Lenovo	Thinkpad P50 Bios	All versions
Lenovo	Thinkpad P50s Bios	All versions
Lenovo	Thinkpad P70 Bios	All versions
Lenovo	Thinkpad S1 Yoga 12 Bios	All versions
Lenovo	Thinkpad S1 Yoga Non Vpro Bios	All versions
Lenovo	Thinkpad S1 Yoga Vpro Bios	All versions
Lenovo	Thinkpad S3 S440 Bios	All versions
Lenovo	Thinkpad S3 Yoga 14 Bios	All versions
Lenovo	Thinkpad S5 E560p Bios	All versions
Lenovo	Thinkpad S5 Yoga 15 Bios	All versions
Lenovo	Thinkpad S540 Bios	All versions
Lenovo	Thinkpad T440 Bios	All versions
Lenovo	Thinkpad T440p Bios	All versions
Lenovo	Thinkpad T440s Bios	All versions
Lenovo	Thinkpad T440u Bios	All versions
Lenovo	Thinkpad T450 Bios	All versions
Lenovo	Thinkpad T450s Bios	All versions
Lenovo	Thinkpad T460 Bios	All versions
Lenovo	Thinkpad T460p Bios	All versions
Lenovo	Thinkpad T460s Bios	All versions
Lenovo	Thinkpad T540 Bios	All versions
Lenovo	Thinkpad T540p Bios	All versions
Lenovo	Thinkpad T550 Bios	All versions

Showing 50 of 148 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/100305Third Party Advisory, VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-15765Vendor Advisory
http://www.securityfocus.com/bid/100305Third Party Advisory, VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-15765Vendor Advisory

Timeline

Published: Aug 18, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-3756?

How severe is CVE-2017-3756?

Severity scoring for CVE-2017-3756 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2017-3756?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-3756?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST