CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2234
https://notcve.org/view.php?id=CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Condición de carrera en Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza permisos de lectura universal para el directorio de los ficheros de actualizaciones, lo que permite usuarios locales ganar privilegios mediante la escritura de un fichero de actualización después de que se valida la firma. • http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74634 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2015-2219 – Lenovo System Update Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza tokens de seguridad previsibles, lo que permite a usuarios locales ganar privilegios mediante el envío de un token válido con un comando al servicio System Update (SUService.exe) a través de una tubería nombrada (named pipe) no especificada. The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. • https://www.exploit-db.com/exploits/41708 http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74649 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/lenovo_systemupdate.rb • CWE-264: Permissions, Privileges, and Access Controls •