Vulnerability Details : CVE-2017-3741
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
Exploit prediction scoring system (EPSS) score for CVE-2017-3741
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-3741
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
3.3
|
LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
1.8
|
1.4
|
NIST |
References for CVE-2017-3741
-
https://support.lenovo.com/us/en/product_security/LEN-14440
Local User Can Alter Trackpoint Functionality in Lenovo Power Management Driver - USVendor Advisory
Products affected by CVE-2017-3741
- cpe:2.3:a:lenovo:power_management:1.67.12.23:*:*:*:*:*:*:*
- cpe:2.3:a:lenovo:power_management:1.67.12.19:*:*:*:*:*:*:*