Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-3740

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-03 Jun, 2017 | 00:00
Updated At-05 Aug, 2024 | 14:39
Rejected At-
Credits

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:03 Jun, 2017 | 00:00
Updated At:05 Aug, 2024 | 14:39
Rejected At:
▼CVE Numbering Authority (CNA)

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Affected Products
Vendor
Lenovo Group LimitedLenovo Group Ltd.
Product
Active Protection System
Versions
Affected
  • Earlier than 1.82.0.14
Problem Types
TypeCWE IDDescription
textN/ADenial of Service
Type: text
CWE ID: N/A
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-13637
x_refsource_CONFIRM
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-13637
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-13637
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-13637
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:04 Jun, 2017 | 21:29
Updated At:20 Apr, 2025 | 01:37

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.04.9MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Lenovo Group Limited
lenovo
>>active_protection_system>>1.00b
cpe:2.3:a:lenovo:active_protection_system:1.00b:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.01b
cpe:2.3:a:lenovo:active_protection_system:1.01b:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.20b
cpe:2.3:a:lenovo:active_protection_system:1.20b:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.21
cpe:2.3:a:lenovo:active_protection_system:1.21:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.22
cpe:2.3:a:lenovo:active_protection_system:1.22:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.23
cpe:2.3:a:lenovo:active_protection_system:1.23:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.30b
cpe:2.3:a:lenovo:active_protection_system:1.30b:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.31
cpe:2.3:a:lenovo:active_protection_system:1.31:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.32
cpe:2.3:a:lenovo:active_protection_system:1.32:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.33b
cpe:2.3:a:lenovo:active_protection_system:1.33b:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.34
cpe:2.3:a:lenovo:active_protection_system:1.34:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.40
cpe:2.3:a:lenovo:active_protection_system:1.40:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.41
cpe:2.3:a:lenovo:active_protection_system:1.41:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.50
cpe:2.3:a:lenovo:active_protection_system:1.50:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.51
cpe:2.3:a:lenovo:active_protection_system:1.51:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.52
cpe:2.3:a:lenovo:active_protection_system:1.52:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.53
cpe:2.3:a:lenovo:active_protection_system:1.53:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.54
cpe:2.3:a:lenovo:active_protection_system:1.54:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.61
cpe:2.3:a:lenovo:active_protection_system:1.61:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.62
cpe:2.3:a:lenovo:active_protection_system:1.62:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.63
cpe:2.3:a:lenovo:active_protection_system:1.63:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.64
cpe:2.3:a:lenovo:active_protection_system:1.64:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.70
cpe:2.3:a:lenovo:active_protection_system:1.70:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.71
cpe:2.3:a:lenovo:active_protection_system:1.71:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.72
cpe:2.3:a:lenovo:active_protection_system:1.72:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.73
cpe:2.3:a:lenovo:active_protection_system:1.73:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.74
cpe:2.3:a:lenovo:active_protection_system:1.74:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.75
cpe:2.3:a:lenovo:active_protection_system:1.75:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.76
cpe:2.3:a:lenovo:active_protection_system:1.76:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.5
cpe:2.3:a:lenovo:active_protection_system:1.77.0.5:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.7
cpe:2.3:a:lenovo:active_protection_system:1.77.0.7:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.8
cpe:2.3:a:lenovo:active_protection_system:1.77.0.8:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.9
cpe:2.3:a:lenovo:active_protection_system:1.77.0.9:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.11
cpe:2.3:a:lenovo:active_protection_system:1.77.0.11:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.20
cpe:2.3:a:lenovo:active_protection_system:1.77.0.20:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.77.0.26
cpe:2.3:a:lenovo:active_protection_system:1.77.0.26:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.78.0.09
cpe:2.3:a:lenovo:active_protection_system:1.78.0.09:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.78.0.10
cpe:2.3:a:lenovo:active_protection_system:1.78.0.10:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.78.0.11
cpe:2.3:a:lenovo:active_protection_system:1.78.0.11:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.79.0.03
cpe:2.3:a:lenovo:active_protection_system:1.79.0.03:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.80.1.00
cpe:2.3:a:lenovo:active_protection_system:1.80.1.00:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.80.3.00
cpe:2.3:a:lenovo:active_protection_system:1.80.3.00:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.80.8.00
cpe:2.3:a:lenovo:active_protection_system:1.80.8.00:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.80.11.00
cpe:2.3:a:lenovo:active_protection_system:1.80.11.00:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.81.0.08
cpe:2.3:a:lenovo:active_protection_system:1.81.0.08:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.82.0.03
cpe:2.3:a:lenovo:active_protection_system:1.82.0.03:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.82.0.06
cpe:2.3:a:lenovo:active_protection_system:1.82.0.06:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.82.0.07
cpe:2.3:a:lenovo:active_protection_system:1.82.0.07:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>active_protection_system>>1.82.0.10
cpe:2.3:a:lenovo:active_protection_system:1.82.0.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-13637psirt@lenovo.com
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-13637af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-13637
Source: psirt@lenovo.com
Resource:
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-13637
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2021-3463
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 20:41
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x13_yoga_gen_1thinkpad_a275thinkpad_e15thinkpad_x1_yoga_gen_2thinkpad_p17_gen_1thinkpad_x380_yogathinkpad_a485thinkpad_25thinkpad_s2_yoga_gen_5thinkpad_e490thinkpad_s2_gen_2thinkpad_p53sthinkpad_t480sthinkpad_t570thinkpad_s1_gen_4thinkpad_x13_yoga_gen_2thinkpad_t14s_gen_1thinkpad_t490thinkpad_p51sthinkpad_e14_gen2thinkpad_t590thinkpad_x390_yogathinkpad_p53thinkpad_x13_gen_2ithinkpad_e575thinkpad_r14_gen_2thinkpad_e14thinkpad_x1_yoga_gen_6thinkpad_e570thinkpad_l590thinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_carbon_gen_5thinkpad_p14s_gen_1thinkpad_p52thinkpad_p43sthinkpad_a475thinkpad_l480thinkpad_e475power_management_driverthinkpad_x1_titanium_gen_1thinkpad_s5_gen_2thinkpad_e15_gen2thinkpad_t14_gen_2thinkpad_x1_yoga_gen_4thinkpad_13_gen_2thinkpad_e495thinkpad_s2_yoga_gen_6thinkpad_x1_carbon_gen_8thinkpad_x270thinkpad_l580thinkpad_a285thinkpad_e580thinkpad_p1_gen_3thinkpad_p1thinkpad_l14_gen_2thinkpad_x1_tablet_gen_2thinkpad_l13_gen_2thinkpad_x280thinkpad_p71thinkpad_t15_gen_1thinkpad_x390thinkpad_s3_gen_2thinkpad_p1_gen_2thinkpad_t15g_gen_1thinkpad_x1_yoga_gen_3thinkpad_11e_yoga_gen_6thinkpad_r14thinkpad_yoga_370thinkpad_l470thinkpad_x1_carbon_gen_7thinkpad_x395thinkpad_l15_gen_2thinkpad_t470thinkpad_p15v_gen_1thinkpad_l390thinkpad_e570cthinkpad_l380thinkpad_t580thinkpad_l14_gen_1thinkpad_l390_yogathinkpad_r480thinkpad_x1_extremethinkpad_e480thinkpad_l490thinkpad_11e_gen_5thinkpad_l380_yogathinkpad_p51thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_t15p_gen_1thinkpad_s2_gen_5thinkpad_x1_tablet_gen_3thinkpad_x1_extreme_gen_3thinkpad_l13_yoga_gen_1thinkpad_e590thinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_t470pthinkpad_x12thinkpad_l13_gen_1thinkpad_x13_gen_1thinkpad_t14s_gen_2ithinkpad_e470cthinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_e595thinkpad_x1_carbon_gen_9thinkpad_t495thinkpad_p14s_gen_2thinkpad_l13_yogathinkpad_p15s_gen_2thinkpad_p15_gen_1thinkpad_t480thinkpad_p15s_gen_1thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_gen_6thinkpad_yoga_11e_gen_5thinkpad_x1_yoga_gen_5Power Management Driver for Windows 10
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-5248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.76%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-solution_centern/a
CVE-2022-1110
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.69%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.

Action-Not Available
Vendor-Lenovo Group Limited
Product-smart_standby_driverSmart Standby Driver
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-0636
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5||MEDIUM
EPSS-0.04% / 11.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thin_installerThin Installer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-3721
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 8.71%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6163
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.17%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 14:12
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s200pb_seriesv100j200pj105thinkstationj100k_seriesj200c200e_seriesj115c100j110s200thinkpadthinkcentres205n200v200n100v_seriessystem_updatej205System Update
CWE ID-CWE-404
Improper Resource Shutdown or Release
Details not found