CVE-2017-3759

Published: Oct 17, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

Affected (1)

Products: Lenovo: Service Framework

Lenovo

1 product

Service Framework

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Service Framework	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-15374

Source: psirt@lenovo.com

PatchVendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-15374

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.