CVE-2015-2233

Currently unrated

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 12 May 2015

Summary

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

References

http://www.ioactive.com/pdfs/Lenovo_System_Update_Multipl...

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/lsu_priv...

x_refsource_CONFIRM

http://securitytracker.com/id/1032268

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 6, 2015