CVE-2015-2219

Currently unrated

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 12 May 2015

Summary

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

References

http://www.securityfocus.com/bid/74649

vdb-entryx_refsource_BID

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multipl...

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/lsu_priv...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 5, 2015