CVE-2017-3751

HIGH

ThinkPad Compact USB Keyboard with TrackPoint <1.5.5.0 - Code Injec...

Title source: llm
STIX 2.1

Description

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-15061

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (2)
lenovo/thinkpad_compact_usb_keyboard_driver
Lenovo Group Ltd./ThinkPad Compact USB Keyboard with TrackPoint Driver Earlier than 1.5.5.0
Published Aug 10, 2017
Tracked Since Feb 18, 2026