CVE-2017-3753

MEDIUM

Lenovo UEFI - Privilege Escalation

Title source: llm

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Scores

CVSS v3: 6.8
EPSS: 0.0012
EPSS Percentile: 31.6%
Attack Vector: PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-94
Status: published
Products (50):
lenovo/ideacentre_300-20ish_firmware
lenovo/ideacentre_300s-11ish_firmware
lenovo/ideacentre_510s-08ish_firmware
lenovo/ideacentre_700_firmware
lenovo/63_firmware
lenovo/h50-30g_firmware
lenovo/m4500_firmware
lenovo/m4500_id_firmware
lenovo/m4550_id_firmware
lenovo/s500_firmware
... and 40 more
Published: Aug 10, 2017
Tracked Since: Feb 18, 2026