Vulnerability Details : CVE-2017-3750
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
Vulnerability category: Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2017-3750
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-3750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
6.4
|
MEDIUM | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.5
|
5.9
|
NIST |
References for CVE-2017-3750
-
https://support.lenovo.com/us/en/product_security/LEN-15823
Local Root Exploit on Lenovo VIBE Mobile Phones - USMitigation;Vendor Advisory
Products affected by CVE-2017-3750
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*