Vulnerability Details CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 6.9
References
Products affected by CVE-2017-3775
-
cpe:2.3:h:lenovo:flex_system_x240_m5:-
-
cpe:2.3:h:lenovo:flex_system_x280_x6:-
-
cpe:2.3:h:lenovo:flex_system_x480_x6:-
-
cpe:2.3:h:lenovo:flex_system_x880:-
-
cpe:2.3:h:lenovo:nextscale_nx360_m5:-
-
cpe:2.3:h:lenovo:system_x3250_m6:-
-
cpe:2.3:h:lenovo:system_x3500_m5:-
-
cpe:2.3:h:lenovo:system_x3550_m5:-
-
cpe:2.3:h:lenovo:system_x3650_m5:-
-
cpe:2.3:h:lenovo:system_x3850_x6:-
-
cpe:2.3:h:lenovo:system_x3950_x6:-
-
cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*
-
cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*
-
cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*
-
cpe:2.3:o:lenovo:flex_system_x880_bios:*
-
cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*
-
cpe:2.3:o:lenovo:system_x3250_m6_bios:*
-
cpe:2.3:o:lenovo:system_x3500_m5_bios:*
-
cpe:2.3:o:lenovo:system_x3550_m5_bios:*
-
cpe:2.3:o:lenovo:system_x3650_m5_bios:*
-
cpe:2.3:o:lenovo:system_x3850_x6_bios:*
-
cpe:2.3:o:lenovo:system_x3950_x6_bios:*