Vulnerability Details : CVE-2017-3763
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
Exploit prediction scoring system (EPSS) score for CVE-2017-3763
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-3763
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
References for CVE-2017-3763
-
https://support.lenovo.com/us/en/product_security/LEN-16333
Attacker with Access to LXCA Filesystem Could Access Local LXCA Account Credentials and LXCA Authenticated Command Injection - USVendor Advisory
Products affected by CVE-2017-3763
- cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*