{"id": "CVE-2017-3775", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2018-05-04T17:29:00.223", "references": [{"url": "https://support.lenovo.com/us/en/solutions/LEN-20241", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@lenovo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code."}, {"lang": "es", "value": "Algunas versiones BIOS/UEFI del servidor x de Lenovo, cuando Secure Boot est\u00e1 habilitado por un administrador del sistema, no autentican correctamente el c\u00f3digo firmado antes de cargarlo. Como resultado, un atacante con acceso f\u00edsico al sistema podr\u00eda cargar c\u00f3digo no firmado."}], "lastModified": "2018-06-13T15:58:17.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x240_m5_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21457BA1-04A2-44F5-A33A-85FF81F09C44", "versionEndExcluding": "2.61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x240_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D2CE7A5-1CEE-40C4-BE0E-573C28663A11"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x280_x6_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83D664BC-39A8-4A7E-95E1-ACF88A5D71D7", "versionEndExcluding": "4.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x280_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1563A13F-2E56-4E83-9C16-68B2C81843DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x480_x6_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5763A810-2C14-49F4-895E-D511B4C3FDB3", "versionEndExcluding": "4.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x480_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F86B6B27-0E42-47C1-B2D9-A6C5B1364D9A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:flex_system_x880_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61334EC1-3C26-4056-BBC5-E6D0066BDC31", "versionEndExcluding": "4.21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:flex_system_x880:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68ED17ED-BE60-4EE3-9599-C88C3C7A626C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:nextscale_nx360_m5_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E315447-AD2F-4861-A5BA-21DEA5ED1DA8", "versionEndExcluding": "2.61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:nextscale_nx360_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "723D2A74-F6F3-4C73-AFD9-CDAE930D0FB9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3250_m6_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B60CE27-0BF7-4672-857C-2340913EF887", "versionEndExcluding": "2.23"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3250_m6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D89A2206-7012-4938-9BE2-ACF014E3F3B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3500_m5_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA1D294-138D-44B4-A86B-58D4B9A70539", "versionEndExcluding": "2.61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3500_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5FC3467C-3F00-4EE3-B40E-3AE7F93094DD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3550_m5_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6CB9785-3660-4578-A4E2-0DE50C7E57EA", "versionEndExcluding": "2.61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3550_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57A78B63-6588-4C40-BEBB-88C8DF467A18"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3650_m5_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D08A24F-EAF0-4A74-9DDC-7564C09172D5", "versionEndExcluding": "2.61"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3650_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "145F0B3C-A945-443B-AB08-329F72358801"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3850_x6_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB2B0B1A-F876-4280-B8CA-C829CCA51291", "versionEndExcluding": "4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3850_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F70A2471-D476-4FB7-8D1F-FEE0E4BF460C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:system_x3950_x6_bios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85425D7F-3087-477C-82B6-B829CDD6EA33", "versionEndExcluding": "4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:system_x3950_x6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "25A3A89F-CB39-4E76-BC64-3C4F4788FB8C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}
