
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2019 — A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. • https://support.lenovo.com/solutions/LEN-28093

CVSS: 7.5 • EPSS: 0% • CPEs: 24 • EXPL: 0

26 Jun 2019 — A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. • https://support.lenovo.com/solutions/LEN-27348 • CWE-404: Improper Resource Shutdown or Release

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 May 2018 — MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. • http://www.securityfocus.com/bid/104125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Oct 2017 — Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. • https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.8 • EPSS: 32% • CPEs: 1 • EXPL: 2

12 May 2015 — Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. • https://packetstorm.news/files/id/132019 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 May 2015 — Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. • http://securitytracker.com/id/1032268 • CWE-310: Cryptographic Issues

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 May 2015 — Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. • http://securitytracker.com/id/1032268 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')