CVE-2017-3753

medium

Published 2017-08-10 · Modified 2026-05-13

CVSS v3

6.8

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.2

VIR risk

6.8

Description

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Predictions

Exploit likelihood

67%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@lenovo.com — https://support.lenovo.com/us/en/product_security/LEN-14695

References

https://support.lenovo.com/us/en/product_security/LEN-14695
https://support.lenovo.com/us/en/product_security/LEN-14695

CWEs

CWE-94

Verify integrity in audit chain (admin only). AS-IS.