CVE-2015-6971
high
CVSS v3
7.8
CVSS v2
7.2
VIR risk
7.8
Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://support.lenovo.com/us/en/product_security/lsu_privilege
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| lenovo | system_update | up to and including 5.06.0034 | |
References
- https://support.lenovo.com/us/en/product_security/lsu_privilege
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172
CWEs
CWE-77