CVE-2017-3751

HIGH

ThinkPad Compact USB Keyboard with TrackPoint <1.5.5.0 - Code Injec...

Title source: llm
STIX 2.1

Description

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-15061

Scores

CVSS v3 7.8
EPSS 0.0037
EPSS Percentile 29.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (2)
lenovo/thinkpad_compact_usb_keyboard_driver
Lenovo Group Ltd./ThinkPad Compact USB Keyboard with TrackPoint Driver Earlier than 1.5.5.0
Published Aug 10, 2017
Tracked Since Feb 18, 2026