Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for system_update by lenovo

    CVE-2023-4632 (GCVE-0-2023-4632)

    Vulnerability from nvd – Published: 2023-11-08 21:58 – Updated: 2024-09-03 20:11
    VLAI
    Summary
    An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo System Update Affected: Versions prior to 5.08.02.25
    Create a notification for this product.
    Credits
    Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:06.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-135367"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:11:17.567850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:11:48.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 5.08.02.25"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue. "
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
                }
              ],
              "value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T21:58:22.692Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-135367"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-135367\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-135367\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.\u00a0 https://support.lenovo.com/us/en/product_security/LEN-135367 \n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-4632",
        "datePublished": "2023-11-08T21:58:16.371Z",
        "dateReserved": "2023-08-30T13:40:48.584Z",
        "dateUpdated": "2024-09-03T20:11:48.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4568 (GCVE-0-2022-4568)

    Vulnerability from nvd – Published: 2023-05-01 14:36 – Updated: 2025-01-30 15:24
    VLAI
    Summary
    A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo System Update Affected: All versions prior to 5.08.01.0005
    Create a notification for this product.
    Credits
    Lenovo thanks Raphael Rosenast of Compass Security for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-103545"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T15:22:58.351170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T15:24:07.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.08.01.0005"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Raphael Rosenast of Compass Security for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges."
                }
              ],
              "value": "A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-01T14:36:25.547Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-103545"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers should update the Lenovo System Update application to version 5.08.01.005 or later."
                }
              ],
              "value": "Customers should update the Lenovo System Update application to version 5.08.01.005 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-4568",
        "datePublished": "2023-05-01T14:36:25.547Z",
        "dateReserved": "2022-12-16T19:30:59.872Z",
        "dateUpdated": "2025-01-30T15:24:07.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0354 (GCVE-0-2022-0354)

    Vulnerability from nvd – Published: 2022-04-22 20:30 – Updated: 2026-06-02 13:50
    VLAI
    Summary
    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Insecure GUI
    • CWE-317 - Cleartext Storage of Sensitive Information in GUI
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.infosec.tirol/cve-2022-0354/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T13:48:54.060069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-317",
                    "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:50:02.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure GUI",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-26T22:24:43.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.infosec.tirol/cve-2022-0354/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Follow Mitigation Strategy in LEN-76673."
            }
          ],
          "source": {
            "advisory": "LEN-76673",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2022-0354",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure GUI"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-76673",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
                },
                {
                  "name": "https://www.infosec.tirol/cve-2022-0354/",
                  "refsource": "MISC",
                  "url": "https://www.infosec.tirol/cve-2022-0354/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Follow Mitigation Strategy in LEN-76673."
              }
            ],
            "source": {
              "advisory": "LEN-76673",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-0354",
        "datePublished": "2022-04-22T20:30:47.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2026-06-02T13:50:02.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-8342 (GCVE-0-2020-8342)

    Vulnerability from nvd – Published: 2020-09-15 14:20 – Updated: 2024-09-17 00:01
    VLAI
    Summary
    A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0106 (custom)
    Create a notification for this product.
    Date Public
    2020-09-15 00:00
    Credits
    Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0106",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
            }
          ],
          "datePublic": "2020-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-15T14:20:17.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-42150",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-09-15T16:00:00.000Z",
              "ID": "CVE-2020-8342",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.07.0106"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-42150",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-42150",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8342",
        "datePublished": "2020-09-15T14:20:18.072Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:01:40.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7336 (GCVE-0-2015-7336)

    Vulnerability from nvd – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7336",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7335 (GCVE-0-2015-7335)

    Vulnerability from nvd – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7335",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7334 (GCVE-0-2015-7334)

    Vulnerability from nvd – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7334",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7334",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7333 (GCVE-0-2015-7333)

    Vulnerability from nvd – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7333",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6175 (GCVE-0-2019-6175)

    Vulnerability from nvd – Published: 2019-09-26 15:22 – Updated: 2024-08-04 20:16
    VLAI
    Title
    System Update Vulnerability
    Summary
    A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0088 (custom)
    Create a notification for this product.
    Credits
    Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-28093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0088",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T15:22:15.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-28093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
            }
          ],
          "source": {
            "advisory": "LEN-28093",
            "discovery": "EXTERNAL"
          },
          "title": "System Update Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2019-6175",
              "STATE": "PUBLIC",
              "TITLE": "System Update Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.07.0088"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-28093",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-28093"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
              }
            ],
            "source": {
              "advisory": "LEN-28093",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6175",
        "datePublished": "2019-09-26T15:22:15.000Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:16:23.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6163 (GCVE-0-2019-6163)

    Vulnerability from nvd – Published: 2019-06-26 14:12 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
    CWE
    • privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0084 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0084",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-13T18:56:07.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27348"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27348",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6163",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.07.0084"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27348",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27348"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27348",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6163",
        "datePublished": "2019-06-26T14:12:34.696Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:01.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9063 (GCVE-0-2018-9063)

    Vulnerability from nvd – Published: 2018-05-04 16:00 – Updated: 2024-09-16 20:12
    VLAI
    Summary
    MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Lenovo System Update Affected: Earlier than 5.07.0072
    Create a notification for this product.
    Date Public
    2018-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:47.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104125"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lenovo System Update",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than 5.07.0072"
                }
              ]
            }
          ],
          "datePublic": "2018-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "name": "104125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104125"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2018-05-03T00:00:00",
              "ID": "CVE-2018-9063",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Lenovo System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than 5.07.0072"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104125"
                },
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-19625",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9063",
        "datePublished": "2018-05-04T16:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:36.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6971 (GCVE-0-2015-6971)

    Vulnerability from nvd – Published: 2017-10-02 18:00 – Updated: 2024-08-06 07:36
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:36:34.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-02T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-6971",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-6971",
        "datePublished": "2017-10-02T18:00:00.000Z",
        "dateReserved": "2015-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:36:34.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2234 (GCVE-0-2015-2234)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "74634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74634"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "74634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74634"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "74634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74634"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2234",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2233 (GCVE-0-2015-2233)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              },
              {
                "name": "74642",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74642"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            },
            {
              "name": "74642",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74642"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                },
                {
                  "name": "74642",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74642"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2233",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2219 (GCVE-0-2015-2219)

    Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "74649",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74649"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "74649",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74649"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "74649",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74649"
                },
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2219",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4632 (GCVE-0-2023-4632)

    Vulnerability from cvelistv5 – Published: 2023-11-08 21:58 – Updated: 2024-09-03 20:11
    VLAI
    Summary
    An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo System Update Affected: Versions prior to 5.08.02.25
    Create a notification for this product.
    Credits
    Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:06.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-135367"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:11:17.567850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:11:48.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 5.08.02.25"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue. "
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
                }
              ],
              "value": "An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T21:58:22.692Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-135367"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-135367\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-135367\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Update Lenovo System Update to version 5.08.02.25 or later as indicated in the advisory.\u00a0 https://support.lenovo.com/us/en/product_security/LEN-135367 \n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-4632",
        "datePublished": "2023-11-08T21:58:16.371Z",
        "dateReserved": "2023-08-30T13:40:48.584Z",
        "dateUpdated": "2024-09-03T20:11:48.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-4568 (GCVE-0-2022-4568)

    Vulnerability from cvelistv5 – Published: 2023-05-01 14:36 – Updated: 2025-01-30 15:24
    VLAI
    Summary
    A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Lenovo System Update Affected: All versions prior to 5.08.01.0005
    Create a notification for this product.
    Credits
    Lenovo thanks Raphael Rosenast of Compass Security for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:41:45.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-103545"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-4568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T15:22:58.351170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T15:24:07.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Lenovo System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.08.01.0005"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Raphael Rosenast of Compass Security for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges."
                }
              ],
              "value": "A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-01T14:36:25.547Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-103545"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Customers should update the Lenovo System Update application to version 5.08.01.005 or later."
                }
              ],
              "value": "Customers should update the Lenovo System Update application to version 5.08.01.005 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-4568",
        "datePublished": "2023-05-01T14:36:25.547Z",
        "dateReserved": "2022-12-16T19:30:59.872Z",
        "dateUpdated": "2025-01-30T15:24:07.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0354 (GCVE-0-2022-0354)

    Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2026-06-02 13:50
    VLAI
    Summary
    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Insecure GUI
    • CWE-317 - Cleartext Storage of Sensitive Information in GUI
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.infosec.tirol/cve-2022-0354/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T13:48:54.060069Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-317",
                    "description": "CWE-317 Cleartext Storage of Sensitive Information in GUI",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T13:50:02.923Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Insecure GUI",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-26T22:24:43.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.infosec.tirol/cve-2022-0354/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Follow Mitigation Strategy in LEN-76673."
            }
          ],
          "source": {
            "advisory": "LEN-76673",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2022-0354",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Insecure GUI"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-76673",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
                },
                {
                  "name": "https://www.infosec.tirol/cve-2022-0354/",
                  "refsource": "MISC",
                  "url": "https://www.infosec.tirol/cve-2022-0354/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Follow Mitigation Strategy in LEN-76673."
              }
            ],
            "source": {
              "advisory": "LEN-76673",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-0354",
        "datePublished": "2022-04-22T20:30:47.000Z",
        "dateReserved": "2022-01-24T00:00:00.000Z",
        "dateUpdated": "2026-06-02T13:50:02.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-8342 (GCVE-0-2020-8342)

    Vulnerability from cvelistv5 – Published: 2020-09-15 14:20 – Updated: 2024-09-17 00:01
    VLAI
    Summary
    A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0106 (custom)
    Create a notification for this product.
    Date Public
    2020-09-15 00:00
    Credits
    Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0106",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
            }
          ],
          "datePublic": "2020-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-15T14:20:17.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-42150",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-09-15T16:00:00.000Z",
              "ID": "CVE-2020-8342",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.07.0106"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-42150",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-42150",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8342",
        "datePublished": "2020-09-15T14:20:18.072Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:01:40.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7334 (GCVE-0-2015-7334)

    Vulnerability from cvelistv5 – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7334",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7334",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7336 (GCVE-0-2015-7336)

    Vulnerability from cvelistv5 – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7336",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7335 (GCVE-0-2015-7335)

    Vulnerability from cvelistv5 – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7335",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7335",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7333 (GCVE-0-2015-7333)

    Vulnerability from cvelistv5 – Published: 2020-03-27 14:05 – Updated: 2024-08-06 07:43
    VLAI
    Summary
    MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:43:46.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-27T14:05:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7333",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7333",
        "datePublished": "2020-03-27T14:05:01.000Z",
        "dateReserved": "2015-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:43:46.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6175 (GCVE-0-2019-6175)

    Vulnerability from cvelistv5 – Published: 2019-09-26 15:22 – Updated: 2024-08-04 20:16
    VLAI
    Title
    System Update Vulnerability
    Summary
    A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0088 (custom)
    Create a notification for this product.
    Credits
    Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-28093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0088",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T15:22:15.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-28093"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
            }
          ],
          "source": {
            "advisory": "LEN-28093",
            "discovery": "EXTERNAL"
          },
          "title": "System Update Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.8"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2019-6175",
              "STATE": "PUBLIC",
              "TITLE": "System Update Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.07.0088"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.8"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-28093",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-28093"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
              }
            ],
            "source": {
              "advisory": "LEN-28093",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6175",
        "datePublished": "2019-09-26T15:22:15.000Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:16:23.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6163 (GCVE-0-2019-6163)

    Vulnerability from cvelistv5 – Published: 2019-06-26 14:12 – Updated: 2024-09-16 23:41
    VLAI
    Summary
    A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
    CWE
    • privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo System Update Affected: unspecified , < 5.07.0084 (custom)
    Create a notification for this product.
    Date Public
    2019-06-25 00:00
    Credits
    Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/solutions/LEN-27348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "System Update",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.07.0084",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
            }
          ],
          "datePublic": "2019-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-13T18:56:07.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-27348"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-27348",
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
              "ID": "CVE-2019-6163",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "System Update",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "5.07.0084"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/solutions/LEN-27348",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/solutions/LEN-27348"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-27348",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6163",
        "datePublished": "2019-06-26T14:12:34.696Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:41:01.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9063 (GCVE-0-2018-9063)

    Vulnerability from cvelistv5 – Published: 2018-05-04 16:00 – Updated: 2024-09-16 20:12
    VLAI
    Summary
    MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Group Ltd. Lenovo System Update Affected: Earlier than 5.07.0072
    Create a notification for this product.
    Date Public
    2018-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:47.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104125"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Lenovo System Update",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Earlier than 5.07.0072"
                }
              ]
            }
          ],
          "datePublic": "2018-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "name": "104125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104125"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2018-05-03T00:00:00",
              "ID": "CVE-2018-9063",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Lenovo System Update",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Earlier than 5.07.0072"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104125"
                },
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-19625",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-19625"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9063",
        "datePublished": "2018-05-04T16:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:12:36.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-6971 (GCVE-0-2015-6971)

    Vulnerability from cvelistv5 – Published: 2017-10-02 18:00 – Updated: 2024-08-06 07:36
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-10-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:36:34.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-02T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-6971",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172"
                },
                {
                  "name": "https://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-6971",
        "datePublished": "2017-10-02T18:00:00.000Z",
        "dateReserved": "2015-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:36:34.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2233 (GCVE-0-2015-2233)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              },
              {
                "name": "74642",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74642"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            },
            {
              "name": "74642",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74642"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                },
                {
                  "name": "74642",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74642"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2233",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2234 (GCVE-0-2015-2234)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "74634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74634"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "74634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74634"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "74634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74634"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2234",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2219 (GCVE-0-2015-2219)

    Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:10
    VLAI
    Summary
    Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:10:15.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "74649",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74649"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
              },
              {
                "name": "1032268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id/1032268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "74649",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74649"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
            },
            {
              "name": "1032268",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id/1032268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2219",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "74649",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74649"
                },
                {
                  "name": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf",
                  "refsource": "MISC",
                  "url": "http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf"
                },
                {
                  "name": "http://support.lenovo.com/us/en/product_security/lsu_privilege",
                  "refsource": "CONFIRM",
                  "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
                },
                {
                  "name": "1032268",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id/1032268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2219",
        "datePublished": "2015-05-12T19:00:00.000Z",
        "dateReserved": "2015-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:10:15.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }