PT-2017-3108 · Lenovo · Lenovo Service Framework

Publicado

2017-10-05

Atualizado

2019-10-03

CVE-2017-3761

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Lenovo Service Framework (LSF) (affected versions not specified)

Description The issue is related to the lack of proper sanitization of special elements used in a command in the Lenovo Service Framework (LSF) on Android devices. This could allow a remote attacker to execute arbitrary commands or code. The problem arises because the Lenovo Service Framework Android application executes system commands without properly sanitizing external input, potentially leading to command injection and remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

BDU:2017-02506

CVE-2017-3761

Produtos afetados

Lenovo Service Framework

PT-2017-3108 · Lenovo · Lenovo Service Framework

CVE-2017-3761

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3