CVE-2017-3753
MEDIUM
Lenovo UEFI Firmware - Authenticated Code Injection via AMI BIOS
Title source: llm
Description
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
References (1)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-14695
Scores
CVSS v3
6.8
EPSS
0.0004
EPSS Percentile
13.8%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (50)
lenovo/63_firmware
fckt78a
lenovo/h50-30g_firmware
fckt78a
lenovo/ideacentre_300-20ish_firmware
lenovo/ideacentre_300s-11ish_firmware
lenovo/ideacentre_510s-08ish_firmware
lenovo/ideacentre_510s-23isu_firmware
o2ekt24a
lenovo/ideacentre_700_firmware
lenovo/m4500_firmware
fckt78a
lenovo/m4500_id_firmware
fckt78a
lenovo/m4550_id_firmware
fckt78a
... and 40 more
Published
Aug 10, 2017
Tracked Since
Feb 18, 2026