Insecure Credential Usage in Lenovo Service Framework Android App Leads to Remote Code Execution Vulnerability

Insecure Credential Usage in Lenovo Service Framework Android App Leads to Remote Code Execution Vulnerability

CVE-2017-3760 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

Learn more about our Cis Benchmark Audit For Google Android.