PT-2017-3108 · Lenovo · Lenovo Service Framework

Published: 2017-10-05 · Updated: 2019-10-03 · CVE-2017-3761

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Lenovo Service Framework (LSF) (affected versions not specified)

Description

The Lenovo Service Framework (LSF) Android application executes system commands without properly sanitizing special elements in external input. This command injection could allow a remote attacker to execute arbitrary commands or code on the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2017-02506
CVE-2017-3761

Affected Products

Lenovo Service Framework