Vulnerability Details : CVE-2017-3749
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
Vulnerability category: Gain privilege
Products affected by CVE-2017-3749
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3749
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3749
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST | |
6.4
|
MEDIUM | CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.5
|
5.9
|
NIST |
References for CVE-2017-3749
-
https://support.lenovo.com/us/en/product_security/LEN-15823
Local Root Exploit on Lenovo VIBE Mobile Phones - USMitigation;Vendor Advisory
Jump to