CVE-2017-3756

Q: What is the severity of CVE-2017-3756?

CVE-2017-3756 has a CVSS score of 7.8 (HIGH). This CVE describes a local privilege escalation vulnerability in Lenovo's Active Protection System for ThinkPad laptops. An attacker with existing local access could exploit an unquoted service path to execute arbitrary code with SYSTEM/administrator privileges. Only ThinkPad systems running vulnerable versions of Lenovo Active Protection System are affected.

7.8 HIGH

📋 TL;DR

This CVE describes a local privilege escalation vulnerability in Lenovo's Active Protection System for ThinkPad laptops. An attacker with existing local access could exploit an unquoted service path to execute arbitrary code with SYSTEM/administrator privileges. Only ThinkPad systems running vulnerable versions of Lenovo Active Protection System are affected.

💻 Affected Systems

Products:

Lenovo Active Protection System

Versions: All versions earlier than 1.82.0.17

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects ThinkPad systems with Lenovo Active Protection System installed. The vulnerability exists in the service path handling.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker with initial local access gains full administrative control, enabling installation of persistent malware, credential theft, and lateral movement.

🟠

Likely Case

Local attacker escalates privileges to install keyloggers, backdoors, or other malicious software while evading detection by user account controls.

🟢

If Mitigated

Attack fails due to patched software or proper endpoint security controls detecting suspicious privilege escalation attempts.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring initial access to the system.

🏢 Internal Only: HIGH - Once an attacker gains any local access (via malware, compromised user account, etc.), they can exploit this to gain full administrative control.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access first. Unquoted service path vulnerabilities are well-understood and relatively easy to exploit once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.82.0.17 or later

Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-15765

Restart Required: Yes

Instructions:

1. Download Lenovo Active Protection System version 1.82.0.17 or later from Lenovo's support site. 2. Run the installer with administrative privileges. 3. Restart the system to complete the installation.

🔧 Temporary Workarounds

Remove vulnerable software

windows

Uninstall Lenovo Active Protection System if not required for system functionality

Control Panel > Programs and Features > Uninstall Lenovo Active Protection System

Restrict service permissions

windows

Set stricter permissions on the service executable and directories in the service path

icacls "C:\Program Files\Lenovo\Active Protection System\" /deny Users:(OI)(CI)F

🧯 If You Can't Patch

Implement strict endpoint security controls to detect and prevent privilege escalation attempts
Restrict local user privileges and implement least privilege access controls

🔍 How to Verify

Check if Vulnerable:

Check Lenovo Active Protection System version in Control Panel > Programs and Features. If version is earlier than 1.82.0.17, the system is vulnerable.

Check Version:

wmic product where "name like 'Lenovo Active Protection System%'" get version

Verify Fix Applied:

Verify Lenovo Active Protection System version is 1.82.0.17 or later in Control Panel > Programs and Features.

📡 Detection & Monitoring

Log Indicators:

Windows Event Logs showing unexpected service creation or modification
Security logs showing privilege escalation attempts

Network Indicators:

None - this is a local attack

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '*\Lenovo\Active Protection System\*' OR CommandLine LIKE '*\Lenovo\Active Protection System\*')

📊 Metadata

CVE ID: CVE-2017-3756

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: August 18, 2017

Last Updated: April 20, 2025

🔗 References

http://www.securityfocus.com/bid/100305 Third Party Advisory,VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-15765 Vendor Advisory
http://www.securityfocus.com/bid/100305 Third Party Advisory,VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-15765 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Thinkpad 10 Ella 2 by Lenovo

Thinkpad 10 Ella 2 Bios by Lenovo

Thinkpad 11e Beema by Lenovo

Thinkpad 11e Beema Bios by Lenovo

Thinkpad 11e Braswell by Lenovo

Thinkpad 11e Braswell Bios by Lenovo

Thinkpad 11e Broadwell by Lenovo

Thinkpad 11e Broadwell Bios by Lenovo

Thinkpad 11e Skylake by Lenovo

Thinkpad 11e Skylake Bios by Lenovo

Thinkpad 13e by Lenovo

Thinkpad 13e Bios by Lenovo

Thinkpad E450 by Lenovo

Thinkpad E450 Bios by Lenovo

Thinkpad E450c by Lenovo

Thinkpad E450c Bios by Lenovo

Thinkpad E455 by Lenovo

Thinkpad E455 Bios by Lenovo

Thinkpad E460 by Lenovo

Thinkpad E460 Bios by Lenovo

Thinkpad E465 by Lenovo

Thinkpad E465 Bios by Lenovo

Thinkpad E550 by Lenovo

Thinkpad E550 Bios by Lenovo

Thinkpad E550c by Lenovo

Thinkpad E550c Bios by Lenovo

Thinkpad E555 by Lenovo

Thinkpad E555 Bios by Lenovo

Thinkpad E560 by Lenovo

Thinkpad E560 Bios by Lenovo

Thinkpad E565 by Lenovo

Thinkpad E565 Bios by Lenovo

Thinkpad Edge E440 by Lenovo

Thinkpad Edge E440 Bios by Lenovo

Thinkpad Edge E445 by Lenovo

Thinkpad Edge E445 Bios by Lenovo

Thinkpad Edge E540 by Lenovo

Thinkpad Edge E540 Bios by Lenovo

Thinkpad Edge E545 by Lenovo

Thinkpad Edge E545 Bios by Lenovo

Thinkpad Helix 20cg by Lenovo

Thinkpad Helix 20cg Bios by Lenovo

Thinkpad Helix 20ch by Lenovo

Thinkpad Helix 20ch Bios by Lenovo

Thinkpad L440 by Lenovo

Thinkpad L440 Bios by Lenovo

Thinkpad L450 by Lenovo

Thinkpad L450 Bios by Lenovo

Thinkpad L460 by Lenovo

Thinkpad L460 Bios by Lenovo

Thinkpad L540 by Lenovo

Thinkpad L540 Bios by Lenovo

Thinkpad L560 by Lenovo

Thinkpad L560 Bios by Lenovo

Thinkpad P50 by Lenovo

Thinkpad P50 Bios by Lenovo

Thinkpad P50s by Lenovo

Thinkpad P50s Bios by Lenovo

Thinkpad P70 by Lenovo

Thinkpad P70 Bios by Lenovo

Thinkpad S1 Yoga 12 by Lenovo

Thinkpad S1 Yoga 12 Bios by Lenovo

Thinkpad S1 Yoga Non Vpro by Lenovo

Thinkpad S1 Yoga Non Vpro Bios by Lenovo

Thinkpad S1 Yoga Vpro by Lenovo

Thinkpad S1 Yoga Vpro Bios by Lenovo

Thinkpad S3 S440 by Lenovo

Thinkpad S3 S440 Bios by Lenovo

Thinkpad S3 Yoga 14 by Lenovo

Thinkpad S3 Yoga 14 Bios by Lenovo

Thinkpad S5 E560p by Lenovo

Thinkpad S5 E560p Bios by Lenovo

Thinkpad S5 Yoga 15 by Lenovo

Thinkpad S5 Yoga 15 Bios by Lenovo

Thinkpad S540 by Lenovo

Thinkpad S540 Bios by Lenovo

Thinkpad T440 by Lenovo