Insecure Credential Usage in Lenovo Service Framework Android App Leads to Remote Code Execution Vulnerability
CVE-2017-3760 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:P
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
Learn more about our Cis Benchmark Audit For Google Android.