CVE-2015-6971

7.8HIGH

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 3 October 2017

Summary

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

References

https://www.trustwave.com/Resources/Security-Advisories/A...

x_refsource_MISC

https://support.lenovo.com/us/en/product_security/lsu_pri...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Sep 16, 2015