CVE-2017-3744
First published: Tue Jun 20 2017(Updated: )
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Integrated Management Module Firmware | <=4.9 | |
| Lenovo Flex System X240 M4 Firmware | ||
| Lenovo Flex System X240 M5 Bios | ||
| Lenovo Flex System X280 X6 Firmware | ||
| Lenovo Flex System X440 M4 Firmware | ||
| Lenovo Flex System X480 X6 BIOS | ||
| Lenovo Flex System X880 BIOS | ||
| Lenovo NextScale NX360 M5 | ||
| Lenovo System X3250 M6 Firmware | ||
| Lenovo System X3500 M5 | ||
| Lenovo System X3550 M5 | ||
| Lenovo System x3650 M5 | ||
| Lenovo System X3750 M4 | ||
| Lenovo System X3850 X6 | ||
| Lenovo System X3950 X6 Firmware | ||
| Lenovo ThinkAgile CX2200 | ||
| Lenovo ThinkAgile CX4200 | ||
| Lenovo ThinkAgile CX4600 | ||
| IBM Integrated Management Module II Firmware | <=6.19 | |
| Lenovo Bladecenter HS22 | ||
| Lenovo Bladecenter HS23 | ||
| Lenovo Bladecenter Hs23e Firmware | ||
| IBM Flex System X220 | ||
| IBM Flex System X222 M4 Firmware | ||
| Lenovo Flex System X240 M4 | ||
| IBM Flex System X280 M4 Firmware | ||
| Lenovo Flex System X440 M4 Firmware | ||
| IBM Flex System X480 M4 Firmware | ||
| IBM Flex System X880 M4 Firmware | ||
| Lenovo iDataplex Dx360 M4 | ||
| Lenovo Idataplex Dx360 M4 Water Cooled | ||
| Lenovo Nextscale Nx360 M4 Firmware | ||
| Ibm System X3100 M4 Firmware | ||
| IBM System X3100 M5 Firmware | ||
| IBM System X3250 M4 Firmware | ||
| Lenovo System X3250 M5 | ||
| Lenovo System X3300 M4 | ||
| Lenovo System X3500 M4 Firmware | ||
| Lenovo System X3530 M4 | ||
| Lenovo System X3550 M4 | ||
| Lenovo System X3630 M4 | ||
| IBM System x3650 M4 Firmware | ||
| IBM System x3650 M4 Firmware | ||
| Lenovo System X3650 M4 HD | ||
| Lenovo System X3750 M4 | ||
| Lenovo System X3850 X6 Firmware | ||
| Lenovo System X3950 X6 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3744?
CVE-2017-3744 is classified as a medium severity vulnerability due to the potential exposure of login credentials.
How do I fix CVE-2017-3744?
To fix CVE-2017-3744, upgrade the Lenovo Integrated Management Module firmware to a version later than 4.9.
What type of systems are affected by CVE-2017-3744?
CVE-2017-3744 affects Lenovo Integrated Management Module firmware versions up to 4.9.
What information can be captured due to CVE-2017-3744?
CVE-2017-3744 can capture remote command data, which may include clear text login information.
Is CVE-2017-3744 specific to any Lenovo hardware?
CVE-2017-3744 is primarily associated with Lenovo System x servers utilizing the affected firmware versions.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo integrated management module firmware
- version/lenovo integrated management module firmware/4.9
- canonical/lenovo flex system x240 m4 firmware
- canonical/lenovo flex system x240 m5 bios
- canonical/lenovo flex system x280 x6 firmware
- canonical/lenovo flex system x440 m4 firmware
- canonical/lenovo flex system x480 x6 bios
- canonical/lenovo flex system x880 bios
- canonical/lenovo nextscale nx360 m5
- canonical/lenovo system x3250 m6 firmware
- canonical/lenovo system x3500 m5
- canonical/lenovo system x3550 m5
- canonical/lenovo system x3650 m5
- canonical/lenovo system x3750 m4
- canonical/lenovo system x3850 x6
- canonical/lenovo system x3950 x6 firmware
- canonical/lenovo thinkagile cx2200
- canonical/lenovo thinkagile cx4200
- canonical/lenovo thinkagile cx4600
- vendor/ibm
- canonical/ibm integrated management module ii firmware
- version/ibm integrated management module ii firmware/6.19
- canonical/lenovo bladecenter hs22
- canonical/lenovo bladecenter hs23
- canonical/lenovo bladecenter hs23e firmware
- canonical/ibm flex system x220
- canonical/ibm flex system x222 m4 firmware
- canonical/lenovo flex system x240 m4
- canonical/ibm flex system x280 m4 firmware
- canonical/ibm flex system x480 m4 firmware
- canonical/ibm flex system x880 m4 firmware
- canonical/lenovo idataplex dx360 m4
- canonical/lenovo idataplex dx360 m4 water cooled
- canonical/lenovo nextscale nx360 m4 firmware
- canonical/ibm system x3100 m4 firmware
- canonical/ibm system x3100 m5 firmware
- canonical/ibm system x3250 m4 firmware
- canonical/lenovo system x3250 m5
- canonical/lenovo system x3300 m4
- canonical/lenovo system x3500 m4 firmware
- canonical/lenovo system x3530 m4
- canonical/lenovo system x3550 m4
- canonical/lenovo system x3630 m4
- canonical/ibm system x3650 m4 firmware
- canonical/lenovo system x3650 m4 hd
- canonical/lenovo system x3850 x6 firmware