high
7.8
Advisory Published
Updated

CVE-2017-3756

First published: Fri Aug 18 2017(Updated: )

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo ThinkPad 10 Ella 2 BIOS
Lenovo ThinkPad Yoga 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell
Lenovo ThinkPad 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake BIOS
Lenovo ThinkPad 13e BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E455 BIOS
Lenovo ThinkPad E460 BIOS
Lenovo ThinkPad E465 BIOS
Lenovo ThinkPad E550 BIOS
Lenovo ThinkPad E550c BIOS
Lenovo ThinkPad E555 BIOS
Lenovo ThinkPad BIOS
Lenovo ThinkPad E565 BIOS
lenovo ThinkPad edge e440
Lenovo ThinkPad Edge E445
Lenovo ThinkPad Edge E540 BIOS
Lenovo ThinkPad Edge E545 BIOS
Lenovo ThinkPad Helix 20CG BIOS
Lenovo ThinkPad Helix 20CH BIOS
Lenovo ThinkPad L440
Lenovo ThinkPad L450 BIOS
Lenovo ThinkPad L460
Lenovo ThinkPad L540
Lenovo ThinkPad L560 BIOS
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad S1 Yoga 12 BIOS
Lenovo ThinkPad S1 Yoga Non-VPro BIOS
Lenovo ThinkPad S1 Yoga BIOS
Lenovo ThinkPad S3 S440 BIOS
Lenovo ThinkPad Yoga 14 BIOS
Lenovo ThinkPad S5 E560P
Lenovo ThinkPad S5 Yoga 15 BIOS
Lenovo ThinkPad S540 BIOS
Lenovo ThinkPad T440p BIOS
Lenovo ThinkPad T440p
Lenovo ThinkPad T440s BIOS
Lenovo ThinkPad T440u BIOS
Lenovo ThinkPad T450 BIOS
Lenovo ThinkPad T450s BIOS
Lenovo ThinkPad T460 BIOS
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s BIOS
Lenovo ThinkPad T540p BIOS
Lenovo ThinkPad T540p BIOS
Lenovo ThinkPad T550 BIOS
Lenovo ThinkPad T560 BIOS
Lenovo ThinkPad Tablet 10 BIOS
Lenovo ThinkPad Tablet 8 BIOS
Lenovo ThinkPad W540
Lenovo ThinkPad W541 Firmware
Lenovo ThinkPad W550s firmware
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Carbon BIOS
Lenovo ThinkPad X1 Tablet BIOS
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x140e
Lenovo ThinkPad x240s BIOS
Lenovo ThinkPad x240s firmware
Lenovo ThinkPad X250 Shark Bay BIOS
Lenovo ThinkPad x250 Shark Bay BIOS
Lenovo ThinkPad x260 BIOS
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell BIOS
Lenovo ThinkPad Yoga 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake BIOS
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad Yoga 260 S1 BIOS
Lenovo ThinkPad 10 Ella 2 BIOS
Lenovo ThinkPad 11e
Lenovo ThinkPad 11e
Lenovo ThinkPad 11e Broadwell BIOS
Lenovo ThinkPad 11e
lenovo ThinkPad 13e BIOS
Lenovo ThinkPad E450 BIOS
Lenovo ThinkPad E450c
Lenovo ThinkPad E455 Firmware
Lenovo ThinkPad E460 Firmware
Lenovo ThinkPad E465 BIOS
Lenovo ThinkPad E550 BIOS
Lenovo ThinkPad E550c BIOS
Lenovo ThinkPad E555 Firmware
Lenovo ThinkPad E560 Firmware
Lenovo ThinkPad E565 BIOS
Lenovo ThinkPad Edge E440
Lenovo ThinkPad Edge E445
Lenovo ThinkPad Edge E540 BIOS
Lenovo ThinkPad Edge E545 BIOS
Lenovo ThinkPad Helix 20CG BIOS
Lenovo ThinkPad Helix 20CH BIOS
Lenovo ThinkPad L440
Lenovo ThinkPad L450
Lenovo ThinkPad L460 Firmware
Lenovo ThinkPad L540 BIOS
Lenovo ThinkPad L560 Firmware
Lenovo ThinkPad P50 Firmware
Lenovo ThinkPad P50s BIOS
Lenovo ThinkPad P70 BIOS
Lenovo ThinkPad S1 Yoga 12 BIOS
Lenovo ThinkPad S1 Yoga
Lenovo ThinkPad S1 Yoga VPro Firmware
Lenovo ThinkPad S3 S440 BIOS
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad E560p
Lenovo ThinkPad S5 Yoga 15 Firmware
Lenovo ThinkPad S540 BIOS
Lenovo ThinkPad T440
Lenovo ThinkPad T440p Firmware
Lenovo ThinkPad T440s Firmware
Lenovo ThinkPad T440u
Lenovo ThinkPad T450 Firmware
Lenovo ThinkPad T450s Firmware
Lenovo ThinkPad T460 firmware
Lenovo ThinkPad T460p BIOS
Lenovo ThinkPad T460s Firmware
Lenovo ThinkPad T540p Firmware
Lenovo ThinkPad T540p Firmware
Lenovo ThinkPad T550
Lenovo ThinkPad T560 Firmware
Lenovo ThinkPad Tablet 10 Firmware
Lenovo ThinkPad Tablet 8 Firmware
Lenovo ThinkPad W540 Firmware
Lenovo ThinkPad W541 Firmware
Lenovo ThinkPad W550s firmware
Lenovo ThinkPad X1 Carbon
Lenovo ThinkPad X1 Carbon (20AX)
Lenovo ThinkPad X1 Carbon (20BX) Firmware
Lenovo ThinkPad X1 Tablet
Lenovo ThinkPad X1 Yoga
Lenovo ThinkPad x140e
Lenovo ThinkPad x240 firmware
Lenovo ThinkPad x240s BIOS
Lenovo ThinkPad x250 Broadwell BIOS
Lenovo ThinkPad x250 Shark Bay BIOS
Lenovo ThinkPad x260 firmware
Lenovo ThinkPad 11e YOGA
Lenovo ThinkPad 11e Beema BIOS
Lenovo ThinkPad Yoga 11e Braswell BIOS
Lenovo ThinkPad Yoga 11e Broadwell BIOS
Lenovo ThinkPad Yoga 11e Skylake
Lenovo ThinkPad Yoga 14 (460) S3 BIOS
Lenovo ThinkPad Yoga 260 S1 BIOS
Windows 10
Microsoft Windows 7
Microsoft Windows

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2017-3756?

    CVE-2017-3756 has a CVSS score of 7.8, indicating a high severity level for privilege escalation.

  • How do I fix CVE-2017-3756?

    To fix CVE-2017-3756, update the Lenovo Active Protection System to version 1.82.0.17 or later.

  • What systems are affected by CVE-2017-3756?

    CVE-2017-3756 affects various Lenovo ThinkPad systems running versions of Lenovo Active Protection System prior to 1.82.0.17.

  • Can CVE-2017-3756 be exploited remotely?

    CVE-2017-3756 requires local access to the affected systems for exploitation, thus is not remotely exploitable.

  • What type of vulnerability is represented by CVE-2017-3756?

    CVE-2017-3756 represents a privilege escalation vulnerability that allows users with local access to execute code with elevated privileges.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203