Privilege Escalation Vulnerability in Lenovo System Update
CVE-2015-6971

7.8HIGH

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 3 October 2017

Summary

A vulnerability in Lenovo System Update allows local users to submit arbitrary commands to the SUService.exe, potentially leading to unauthorized privilege escalation. This occurs when signed Lenovo executables are launched, providing a pathway for malicious users to gain elevated access within the system. Security updates are recommended to mitigate the risks associated with this flaw.

References

https://www.trustwave.com/Resources/Security-Advisories/A...

x_refsource_MISC

https://support.lenovo.com/us/en/product_security/lsu_pri...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Sep 16, 2015