CVE-2017-3742

{"id": "CVE-2017-3742", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2017-07-17T19:29:00.277", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-14398", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems."}, {"lang": "es", "value": "En las versiones de Lenovo Connect2 anteriores a 4.2.5.4885 para Windows y versi\u00f3n 4.2.5.3071 para Android, cuando una conexi\u00f3n ad-hoc se realiza entre dos sistemas con el fin de compartir archivos, la contrase\u00f1a de esta conexi\u00f3n ad-hoc ser\u00e1 almacenada en una ubicaci\u00f3n legible por el usuario. Un atacante con acceso de lectura al contenido del usuario podr\u00eda conectarse al punto de acceso Connect2 y visualizar el contenido de los archivos mientras estos son transferidos entre los dos sistemas."}], "lastModified": "2017-07-27T01:30:57.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D397211-B783-40B4-83C7-C01825D6C112", "versionEndIncluding": "4.2.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:connect2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D397211-B783-40B4-83C7-C01825D6C112", "versionEndIncluding": "4.2.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}