CVE-2017-3754

Published: Jul 17, 2017Modified: May 13, 2026

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.

Affected (1)

Products: Lenovo: Bios

Lenovo

1 product

Bios

Configuration A

1 vulnerable · 19 platform

Vulnerable Software	Affected Versions
Lenovo Bios	All versions

Running on/with	Platform Versions
Lenovo 710s 13ikb/xiaoxin Air 13ikb	All versions
Lenovo 710s 13isk/xiaoxin Air 13	All versions
Lenovo K21 80	All versions
Lenovo K22 80/lenovo V720 12	All versions
Lenovo K41 80	All versions
Lenovo Lenovo Ideapad 110 14ast	All versions
Lenovo Lenovo Ideapad 110 15ast	All versions
Lenovo Lenovo Ideapad 320 14ast	All versions
Lenovo Lenovo Ideapad 320 15ast	All versions
Lenovo Lenovo Xiaoxin Rui7000	All versions
Lenovo Miix 710 12ikb	All versions
Lenovo Miix 720 12ikb	All versions
Lenovo Notebook 320 17ast	All versions
Lenovo Rescuer E520 15ikb	All versions
Lenovo V110 14iap	All versions
Lenovo V110 15iap	All versions
Lenovo V110 15ikb	All versions
Lenovo V110 15isk	All versions
Lenovo Yoga 710 11ikb	All versions

References (2)

https://support.lenovo.com/us/en/product_security/LEN-15084

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-15084

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.