Privilege Escalation Vulnerability in Lenovo System Update by Lenovo
CVE-2015-2219

Currently unrated

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 12 May 2015

Summary

The Lenovo System Update software prior to version 5.06.0034 contains a vulnerability that allows local users to exploit predictable security tokens. By sending a valid token to the System Update service (SUService.exe) through a named pipe, attackers can gain elevated privileges, potentially compromising the security of the system. This flaw underscores the importance of secure token generation and handling in software applications.

References

http://www.securityfocus.com/bid/74649

vdb-entryx_refsource_BID

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multipl...

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/lsu_priv...

x_refsource_CONFIRM

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 5, 2015