CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2234

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.6%

CVSS Severity

CVSS v2 Score 6.9

References

http://securitytracker.com/id/1032268
http://support.lenovo.com/us/en/product_security/lsu_privilege
http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
http://www.securityfocus.com/bid/74634
http://securitytracker.com/id/1032268
http://support.lenovo.com/us/en/product_security/lsu_privilege
http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
http://www.securityfocus.com/bid/74634

Products affected by CVE-2015-2234

Lenovo » System Update » Version: N/A

cpe:2.3:a:lenovo:system_update:-
Lenovo » System Update » Version: 5.06.0027

cpe:2.3:a:lenovo:system_update:5.06.0027

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2234

Products

Pricing

Contact Us