PT-2017-16090 · Lenovo · Lenovo Service Framework

Published

2017-10-17

Updated

2017-11-08

CVE-2017-3759

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Lenovo Service Framework (affected versions not specified)

Description The issue concerns the Lenovo Service Framework Android application, which fails to properly validate server responses. This lack of validation exposes the application to man-in-the-middle attacks, potentially leading to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-3759

Affected Products

Lenovo Service Framework

PT-2017-16090 · Lenovo · Lenovo Service Framework

CVE-2017-3759

Weakness Enumeration

Related Identifiers

Affected Products

References · 2