CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8109
https://notcve.org/view.php?id=CVE-2015-8109
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." Lenovo System Update (antes ThinkVantage System Update) en versiones anteriores a 5.07.0019 permite a usuarios locales obtener privilegios haciendo una predicción de las credenciales de la cuenta tvsu_tmp_xxxxxXXXXX que requiere el conocimiento del tiempo que se creó esta cuenta, vulnerabilidad también conocida como "vulnerabilidad temporal de la cuenta de administrador". • http://www.securityfocus.com/bid/98039 https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8110
https://notcve.org/view.php?id=CVE-2015-8110
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." Lenovo System Update (antes ThinkVantage System Update) en versiones anteriores a 5.07.0019 permite a usuarios locales obtener privilegios navegando a (1) "Haz clic aquí para obtener más información" o (2) "Ver política de privacidad" dentro de la aplicación GUI de Tvsukernel.exe en el contexto de una cuenta de administrador temporal, vulnerabilidad también conocida como "vulnerabilidad de escalamiento de privilegios locales". • http://www.securityfocus.com/bid/98037 https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf https://support.lenovo.com/us/en/product_security/lsu_privilege • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2233
https://notcve.org/view.php?id=CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 no valida correctamente las cadenas CA durante la validación de firmas, lo que permite a atacantes man-in-the-middle subir y ejecutar ficheros arbitrarios a través de un certificado manipulado. • http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74642 • CWE-310: Cryptographic Issues •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2234
https://notcve.org/view.php?id=CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Condición de carrera en Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza permisos de lectura universal para el directorio de los ficheros de actualizaciones, lo que permite usuarios locales ganar privilegios mediante la escritura de un fichero de actualización después de que se valida la firma. • http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74634 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2015-2219 – Lenovo System Update Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza tokens de seguridad previsibles, lo que permite a usuarios locales ganar privilegios mediante el envío de un token válido con un comando al servicio System Update (SUService.exe) a través de una tubería nombrada (named pipe) no especificada. The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. • https://www.exploit-db.com/exploits/41708 http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74649 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/lenovo_systemupdate.rb • CWE-264: Permissions, Privileges, and Access Controls •