// For flags

CVE-2015-2234

 

Severity Score

6.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

Condición de carrera en Lenovo System Update (anteriormente ThinkVantage System Update) anterior a 5.06.0034 utiliza permisos de lectura universal para el directorio de los ficheros de actualizaciones, lo que permite usuarios locales ganar privilegios mediante la escritura de un fichero de actualización después de que se valida la firma.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-06 CVE Reserved
  • 2015-05-12 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lenovo
Search vendor "Lenovo"
 System Update
Search vendor "Lenovo" for product "System Update"
 <= 5.06.0027
Search vendor "Lenovo" for product "System Update" and version " <= 5.06.0027"
-
Affected