CVE-2017-3748

Summary

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

Affected Software

VendorProductVersion RangeStatus
Lenovo Group Ltd.Lenovo Vibe and Lenovo China-only Moto Mobile PhonesEarlier than 6.0affected

Weaknesses

  • Privilege escalation

ADP Enrichment

CVE Program Container

Additional References

References