CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-8109

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.1%

CVSS Severity

CVSS v3 Score 7.0

CVSS v2 Score 6.9

References

http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
https://support.lenovo.com/us/en/product_security/lsu_privilege
http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
https://support.lenovo.com/us/en/product_security/lsu_privilege

Products affected by CVE-2015-8109

Lenovo » Lenovo System Update » Version: 5.07.0013

cpe:2.3:a:lenovo:lenovo_system_update:5.07.0013

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8109

Products

Pricing

Contact Us