cvelistv5 - cve-2017-3762

cve-2017-3762

Vulnerability from cvelistv5

Published

2018-01-26 01:00

Modified

2024-09-16 16:24

Severity ?

Summary

References

URL	Tags
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/3
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/4
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/5
psirt@lenovo.com	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Lenovo Group Ltd.

Lenovo Fingerprint Manager Pro

Version: Earlier than 8.01.87

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102837",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/product_security/LEN-15999"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lenovo Fingerprint Manager Pro",
          "vendor": "Lenovo Group Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Earlier than 8.01.87"
            }
          ]
        }
      ],
      "datePublic": "2018-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-08T14:06:18",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "name": "102837",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/product_security/LEN-15999"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
        },
        {
          "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2018-01-25T00:00:00",
          "ID": "CVE-2017-3762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Lenovo Fingerprint Manager Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Earlier than 8.01.87"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo Group Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102837",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102837"
            },
            {
              "name": "https://support.lenovo.com/product_security/LEN-15999",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/product_security/LEN-15999"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2017-3762",
    "datePublished": "2018-01-26T01:00:00Z",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-09-16T16:24:14.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.01.86\", \"matchCriteriaId\": \"4CB543BA-B73D-4C33-BF7E-54531398DF05\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33796DB-4523-4F04-B564-ADF030553D51\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D229E41-A971-4284-9657-16D78414B93F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.\"}, {\"lang\": \"es\", \"value\": \"Los datos sensibles almacenados por Lenovo Fingerprint Manager Pro, en su versi\\u00f3n 8.01.86 y anteriores, incluyendo las credenciales de inicio de sesi\\u00f3n en Windows y los datos de huella digital de los usuarios, se cifran mediante un algoritmo d\\u00e9bil, contienen una contrase\\u00f1a embebida y son accesibles a todos los usuarios con acceso local no administrativo al sistema en el que est\\u00e1 instalado.\"}]",
      "id": "CVE-2017-3762",
      "lastModified": "2024-11-21T03:26:05.500",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-26T01:29:00.203",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/3\", \"source\": \"psirt@lenovo.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/4\", \"source\": \"psirt@lenovo.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/5\", \"source\": \"psirt@lenovo.com\"}, {\"url\": \"http://www.securityfocus.com/bid/102837\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/product_security/LEN-15999\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/05/08/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/102837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.lenovo.com/product_security/LEN-15999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-3762\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2018-01-26T01:29:00.203\",\"lastModified\":\"2024-11-21T03:26:05.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.\"},{\"lang\":\"es\",\"value\":\"Los datos sensibles almacenados por Lenovo Fingerprint Manager Pro, en su versi\u00f3n 8.01.86 y anteriores, incluyendo las credenciales de inicio de sesi\u00f3n en Windows y los datos de huella digital de los usuarios, se cifran mediante un algoritmo d\u00e9bil, contienen una contrase\u00f1a embebida y son accesibles a todos los usuarios con acceso local no administrativo al sistema en el que est\u00e1 instalado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.01.86\",\"matchCriteriaId\":\"4CB543BA-B73D-4C33-BF7E-54531398DF05\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D229E41-A971-4284-9657-16D78414B93F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/3\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/4\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/5\",\"source\":\"psirt@lenovo.com\"},{\"url\":\"http://www.securityfocus.com/bid/102837\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/product_security/LEN-15999\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/05/08/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/102837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.lenovo.com/product_security/LEN-15999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. A local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. Versions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0502",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fingerprint manager pro",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "8.01.86"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "\u003c=8.01.86"
      },
      {
        "model": "thinkpad carbon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "x10"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "8.01.86"
      },
      {
        "model": "thinkstation p900",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation p300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkstation e32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "4600"
      },
      {
        "model": "thinkpad yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "140"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2600"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2500"
      },
      {
        "model": "thinkpad x240s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "x2400"
      },
      {
        "model": "thinkpad w550s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad w541",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad w540",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t550",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t540p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t450s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t450",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad t440",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad p50s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad p40 yoga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkpad l560",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m93p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m9350z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m93",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m83",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m79",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m78",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m73z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "thinkcentre m73",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.57"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.42"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.41"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.35"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.26"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.18"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.11"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.7"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.5"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.0.47"
      },
      {
        "model": "fingerprint manager pro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.87"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.01.86",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jackson Thuraisamy from Security Compass",
    "sources": [
      {
        "db": "BID",
        "id": "102837"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3762",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-3762",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-04363",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-111965",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-3762",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3762",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04363",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-1044",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111965",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. \nA local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. \nVersions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3762",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "102837",
        "trust": 2.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-15999",
        "trust": 2.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/3",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/5",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2019/05/08/4",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "id": "VAR-201801-0502",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      }
    ],
    "trust": 1.11111111
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:15.210000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-15999",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/len-15999"
      },
      {
        "title": "Patches for hardcoded passwords for several Lenovo products FingerprintManagerPro",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/120257"
      },
      {
        "title": "Multiple Lenovo product Fingerprint Manager Pro Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78140"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/102837"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/product_security/len-15999"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3762"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3762"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/zh/product_security/len-15999"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/us/en/product_security/len-15999"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "date": "2018-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102837"
      },
      {
        "date": "2018-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "date": "2018-01-26T01:29:00.203000",
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "date": "2018-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04363"
      },
      {
        "date": "2019-05-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111965"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102837"
      },
      {
        "date": "2018-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      },
      {
        "date": "2019-05-08T15:29:00.327000",
        "db": "NVD",
        "id": "CVE-2017-3762"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "102837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo Fingerprint Manager Pro Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001588"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-1044"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-3762

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-3762

Aliases

CVE-2017-3762

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3762",
    "description": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
    "id": "GSD-2017-3762"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3762"
      ],
      "details": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
      "id": "GSD-2017-3762",
      "modified": "2023-12-13T01:21:16.770032Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2018-01-25T00:00:00",
        "ID": "CVE-2017-3762",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo Fingerprint Manager Pro",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Earlier than 8.01.87"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102837",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102837"
          },
          {
            "name": "https://support.lenovo.com/product_security/LEN-15999",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/product_security/LEN-15999"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
          },
          {
            "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.01.86",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2017-3762"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/product_security/LEN-15999",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/product_security/LEN-15999"
            },
            {
              "name": "102837",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/102837"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
            },
            {
              "name": "[oss-security] 20190508 Re: Re: fprintd: found storing user fingerprints without encryption",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-08T15:29Z",
      "publishedDate": "2018-01-26T01:29Z"
    }
  }
}

ghsa-4pq3-x47m-6w2q

Vulnerability from github

Published

2022-05-14 01:05

Modified

2022-05-14 01:05

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-26T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.",
  "id": "GHSA-4pq3-x47m-6w2q",
  "modified": "2022-05-14T01:05:26Z",
  "published": "2022-05-14T01:05:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3762"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-3762

Vulnerability from fkie_nvd

Published

2018-01-26 01:29

Modified

2024-11-21 03:26

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/3
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/4
psirt@lenovo.com	http://www.openwall.com/lists/oss-security/2019/05/08/5
psirt@lenovo.com	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
psirt@lenovo.com	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/05/08/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102837	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/product_security/LEN-15999	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
lenovo	fingerprint_manager_pro	*
microsoft	windows_7	-
microsoft	windows_8	-
microsoft	windows_8.1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB543BA-B73D-4C33-BF7E-54531398DF05",
              "versionEndIncluding": "8.01.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed."
    },
    {
      "lang": "es",
      "value": "Los datos sensibles almacenados por Lenovo Fingerprint Manager Pro, en su versi\u00f3n 8.01.86 y anteriores, incluyendo las credenciales de inicio de sesi\u00f3n en Windows y los datos de huella digital de los usuarios, se cifran mediante un algoritmo d\u00e9bil, contienen una contrase\u00f1a embebida y son accesibles a todos los usuarios con acceso local no administrativo al sistema en el que est\u00e1 instalado."
    }
  ],
  "id": "CVE-2017-3762",
  "lastModified": "2024-11-21T03:26:05.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T01:29:00.203",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102837"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/LEN-15999"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-3762

Vulnerability from cvelistv5

var-201801-0502

Vulnerability from variot

gsd-2017-3762

Vulnerability from gsd

ghsa-4pq3-x47m-6w2q

Vulnerability from github

cve-2017-3762

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature