Remote Code Execution Vulnerability in Lenovo Service Framework
CVE-2017-3758

9.8CRITICAL

Key Information:

Vendor: Lenovo
Status: Service Framework Application
Vendor: CVE Published:; 17 October 2017

What is CVE-2017-3758?

The Lenovo Service Framework application has been identified with an improper access control vulnerability affecting several Android components. This flaw can be exploited by attackers to perform remote code execution, potentially allowing them to take control of affected devices. Ensuring that users deploy the latest updates and best security practices can help mitigate the associated risks.

Affected Version(s)

Service Framework application various versions

References

https://support.lenovo.com/us/en/product_security/LEN-15374

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2017
Vulnerability Reserved
Dec 16, 2016