CVE-2015-8110

7.8HIGH

Key Information:

Vendor
Lenovo
Status
Lenovo System Update
Vendor
CVE Published:
24 April 2017

Summary

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

References

http://www.securityfocus.com/bid/98037
vdb-entryx_refsource_BID
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUke...
x_refsource_MISC
https://support.lenovo.com/us/en/product_security/lsu_pri...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.