cvedb.io
CVE-2017-3743
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-06-20T00:29:00.297 · Last modified 2026-06-17T01:18:50.220

Summary

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

Affected products

lenovo — advanced_settings_utility

Does this affect you?

Add your gear to cvedb and we'll alert you only when lenovo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.