CVE-2017-3775
CVE-2017-3775 is a vulnerability of currently unknown severity. Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Flex System X240 M5 Bios | < 2.61 |
| Lenovo | Flex System X280 X6 Bios | < 4.21 |
| Lenovo | Flex System X480 X6 Bios | < 4.21 |
| Lenovo | Flex System X880 Bios | < 4.21 |
| Lenovo | Nextscale Nx360 M5 Bios | < 2.61 |
| Lenovo | System X3250 M6 Bios | < 2.23 |
| Lenovo | System X3500 M5 Bios | < 2.61 |
| Lenovo | System X3550 M5 Bios | < 2.61 |
| Lenovo | System X3650 M5 Bios | < 2.61 |
| Lenovo | System X3850 X6 Bios | < 4.3 |
| Lenovo | System X3950 X6 Bios | < 4.3 |
References
- https://support.lenovo.com/us/en/solutions/LEN-20241 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
