CVE-2017-3748

Published: Jun 29, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable · 20 platform

Vulnerable Software	Affected Versions
Google Android	Up to 5.1.1

Running on/with	Platform Versions
Lenovo Vibe A1600	All versions
Lenovo Vibe A2560	All versions
Lenovo Vibe A2800	All versions
Lenovo Vibe A2860	All versions
Lenovo Vibe A2880	All versions
Lenovo Vibe A3000	All versions
Lenovo Vibe A3500	All versions
Lenovo Vibe A3600 D	All versions
Lenovo Vibe A3600u	All versions
Lenovo Vibe A3800 D	All versions
Lenovo Vibe A3900	All versions
Lenovo Vibe A6000	All versions
Lenovo Vibe A6000 I	All versions
Lenovo Vibe A6020i37	All versions
Lenovo Vibe A6600	All versions
Lenovo Vibe A6800	All versions
Lenovo Vibe K30 E	All versions
Lenovo Vibe K30 W Cu	All versions
Lenovo Vibe K32c30	All versions
Lenovo Vibe K80m	All versions

References (4)

http://www.securityfocus.com/bid/99295

Source: psirt@lenovo.com

Third Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-15823

Source: psirt@lenovo.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/99295

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/product_security/LEN-15823

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.