CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2219 – Lenovo System Update - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2219
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza tokens de seguridad previsibles, lo que permite a usuarios locales ganar privilegios mediante el envío de un token válido con un comando al servicio System Update (SUService.exe) a través de una tubería nombrada (named pipe) no especificada. The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. • https://www.exploit-db.com/exploits/41708 http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74649 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2234
https://notcve.org/view.php?id=CVE-2015-2234
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Condición de carrera en Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza permisos de lectura universal para el directorio de los ficheros de actualizaciones, lo que permite usuarios locales ganar privilegios mediante la escritura de un fichero de actualización después de que se valida la firma. • http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74634 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2233
https://notcve.org/view.php?id=CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 no valida correctamente las cadenas CA durante la validación de firmas, lo que permite a atacantes man-in-the-middle subir y ejecutar ficheros arbitrarios a través de un certificado manipulado. • http://securitytracker.com/id/1032268 http://support.lenovo.com/us/en/product_security/lsu_privilege http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf http://www.securityfocus.com/bid/74642 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3324
https://notcve.org/view.php?id=CVE-2015-3324
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. ThinkServer System Manager (TSM) Baseboard Management Controller anterior a firmware 1.27.73476 para ThinkServer RD350, RD450, RD550, RD650, y TD350 no valida los certificados de servidores durante una 'sesión KVM remota codificada,' lo que permite a atacantes man-in-the-middle falsificar servidores. • http://support.lenovo.com/us/en/product_security/tsm_weak_pw http://www.securityfocus.com/bid/74199 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3323
https://notcve.org/view.php?id=CVE-2015-3323
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. ThinkServer System Manager (TSM) Baseboard Management Controller anterior a firmware 1.27.73476 para ThinkServer RD350, RD450, RD550, RD650, y TD350 permite a atacantes remotos causar una denegación de servicio (caída de la interfaz web) a través de una solicitud HTTP malformada durante la autenticación. • http://support.lenovo.com/us/en/product_security/tsm_weak_pw http://www.securityfocus.com/bid/74197 • CWE-20: Improper Input Validation •