CVE-2017-3770 : Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

Published 2017-09-22 14:29:00

Updated 2019-10-03 00:03:26

Source Lenovo Group Ltd.

View at NVD, CVE.org

Vulnerability category: Gain privilege

Exploit prediction scoring system (EPSS) score for CVE-2017-3770

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-3770

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-3770

https://support.lenovo.com/us/en/product_security/LEN-16333

Attacker with Access to LXCA Filesystem Could Access Local LXCA Account Credentials and LXCA Authenticated Command Injection - US
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2017-3770

Lenovo » Xclarity Administrator
Versions up to, including, (<=) 1.3.1
cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-3770

Exploit prediction scoring system (EPSS) score for CVE-2017-3770

CVSS scores for CVE-2017-3770

References for CVE-2017-3770

Products affected by CVE-2017-3770