var-201706-0355
Vulnerability from variot
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. Lenovo System x Server IMM2 The firmware contains a command injection vulnerability.Information may be obtained. LenovoSystemxIMM2 is the firmware used by Lenovo servers to provide remote monitoring and control of the server. A security vulnerability exists in LenovoSystemxIMM2 that could allow an attacker to exploit a vulnerability to obtain a login certificate. Lenovo System x is a server of China Lenovo (Lenovo)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0355",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated management module",
"scope": "lte",
"trust": 1.0,
"vendor": "ibm",
"version": "6.19"
},
{
"model": "integrated management module",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.9"
},
{
"model": "integrated management module",
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": "integrated management module",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "flex system m4",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x240\u003c=4.10"
},
{
"model": "integrated management module",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "6.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ibm:integrated_management_module_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lenovo:integrated_management_module_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
}
]
},
"cve": "CVE-2017-3744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-3744",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-13250",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-111947",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-3744",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3744",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3744",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-13250",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-791",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111947",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. Lenovo System x Server IMM2 The firmware contains a command injection vulnerability.Information may be obtained. LenovoSystemxIMM2 is the firmware used by Lenovo servers to provide remote monitoring and control of the server. A security vulnerability exists in LenovoSystemxIMM2 that could allow an attacker to exploit a vulnerability to obtain a login certificate. Lenovo System x is a server of China Lenovo (Lenovo)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3744"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3744",
"trust": 3.1
},
{
"db": "LENOVO",
"id": "LEN-14054",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-13250",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111947",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"id": "VAR-201706-0355",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
}
]
},
"last_update_date": "2024-11-23T22:45:39.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-14054",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-14054"
},
{
"title": "LenovoSystemxIMM2 firmware certificate to obtain a patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97553"
},
{
"title": "Lenovo System x IMM2 Fixes for firmware security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71253"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111947"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.lenovo.com/product_security/len-14054"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3744"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3744"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/len-14054"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"db": "VULHUB",
"id": "VHN-111947"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111947"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"date": "2017-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"date": "2017-06-20T00:29:00.330000",
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13250"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111947"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005197"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-791"
},
{
"date": "2024-11-21T03:26:03.203000",
"db": "NVD",
"id": "CVE-2017-3744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo System x Server IMM2 Firmware command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005197"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-791"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.