Vulnerability Details CVE-2017-3754
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.6%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
Products affected by CVE-2017-3754
-
cpe:2.3:h:lenovo:710s-13ikb/xiaoxin_air_13ikb:-
-
cpe:2.3:h:lenovo:710s-13isk/xiaoxin_air_13:-
-
cpe:2.3:h:lenovo:k21-80:-
-
cpe:2.3:h:lenovo:k22-80/lenovo_v720-12:-
-
cpe:2.3:h:lenovo:k41-80:-
-
cpe:2.3:h:lenovo:lenovo_ideapad_110-14ast:-
-
cpe:2.3:h:lenovo:lenovo_ideapad_110-15ast:-
-
cpe:2.3:h:lenovo:lenovo_ideapad_320-14ast:-
-
cpe:2.3:h:lenovo:lenovo_ideapad_320-15ast:-
-
cpe:2.3:h:lenovo:lenovo_xiaoxin_rui7000:-
-
cpe:2.3:h:lenovo:miix_710-12ikb:-
-
cpe:2.3:h:lenovo:miix_720-12ikb:-
-
cpe:2.3:h:lenovo:notebook_320-17ast:-
-
cpe:2.3:h:lenovo:rescuer_e520-15ikb:-
-
cpe:2.3:h:lenovo:v110-14iap:-
-
cpe:2.3:h:lenovo:v110-15iap:-
-
cpe:2.3:h:lenovo:v110-15ikb:-
-
cpe:2.3:h:lenovo:v110-15isk:-
-
cpe:2.3:h:lenovo:yoga_710-11ikb:-
-
cpe:2.3:o:lenovo:bios:-