Vulnerability Details CVE-2015-6971
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://support.lenovo.com/us/en/product_security/lsu_privilege
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172
- https://support.lenovo.com/us/en/product_security/lsu_privilege
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172
Products affected by CVE-2015-6971
-
cpe:2.3:a:lenovo:system_update:-
-
cpe:2.3:a:lenovo:system_update:5.06.0027
-
cpe:2.3:a:lenovo:system_update:5.06.0034