Vulnerability Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | System Update | <= 5.06.0027 |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id/1032268
- http://support.lenovo.com/us/en/product_security/lsu_privilegeVendor Advisory
- http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations
- http://www.securityfocus.com/bid/74649
- http://securitytracker.com/id/1032268
- http://support.lenovo.com/us/en/product_security/lsu_privilegeVendor Advisory
- http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations
- http://www.securityfocus.com/bid/74649
FAQ
What is CVE-2015-2219?
CVE-2015-2219 is a vulnerability with a CVSS score of 7.2 (HIGH). Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the...
How severe is CVE-2015-2219?
CVE-2015-2219 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2219?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo System Update.