CVE-2017-3749
6.4
Vector
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 5.9
Source: NVD
Description
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 5.1.1 |
| Running on/with | Platform Versions |
|---|---|
Lenovo Vibe A1600 | All versions |
Lenovo Vibe A2560 | All versions |
Lenovo Vibe A2800 | All versions |
Lenovo Vibe A2860 | All versions |
Lenovo Vibe A2880 | All versions |
Lenovo Vibe A3000 | All versions |
Lenovo Vibe A3500 | All versions |
Lenovo Vibe A3600 D | All versions |
Lenovo Vibe A3600u | All versions |
Lenovo Vibe A3800 D | All versions |
Lenovo Vibe A3900 | All versions |
Lenovo Vibe A6000 | All versions |
Lenovo Vibe A6000 I | All versions |
Lenovo Vibe A6020i37 | All versions |
Lenovo Vibe A6600 | All versions |
Lenovo Vibe A6800 | All versions |
Lenovo Vibe K30 E | All versions |
Lenovo Vibe K30 W Cu | All versions |
Lenovo Vibe K32c30 | All versions |
Lenovo Vibe K80m | All versions |
References (2)
Source: psirt@lenovo.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Timeline
No history available yet.