CVE-2017-3756
HIGHLenovo Active Protection System <1.82.0.17 - Privilege Escalation
Title source: llmDescription
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100305
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-15765
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
20.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
lenovo/thinkpad_10_ella_2
lenovo/thinkpad_10_ella_2_bios
lenovo/thinkpad_11e_beema
lenovo/thinkpad_11e_beema_bios
lenovo/thinkpad_11e_braswell
lenovo/thinkpad_11e_braswell_bios
lenovo/thinkpad_11e_broadwell
lenovo/thinkpad_11e_broadwell_bios
lenovo/thinkpad_11e_skylake
lenovo/thinkpad_11e_skylake_bios
... and 40 more
Published
Aug 18, 2017
Tracked Since
Feb 18, 2026