CVE-2017-3754

Summary

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.

Affected Software

VendorProductVersion RangeStatus
Lenovo Group Ltd.Lenovo Notebook BIOSVariousaffected

Weaknesses

  • BIOS Write Protections Improperly Configured

ADP Enrichment

CVE Program Container

Additional References

References