Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2219

CWE-2644 documents4 sources
Severity
7.2HIGH
EPSS
29.6%
top 3.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Lenovo System Update
Timeline
PublishedMay 12
Latest updateMay 17

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDlenovo/system_update5.06.0027

🔴Vulnerability Details

2
GHSA
GHSA-fc78-c6mj-8vjm: Lenovo System Update (formerly ThinkVantage System Update) before 52022-05-17
CVEList
CVE-2015-2219: Lenovo System Update (formerly ThinkVantage System Update) before 52015-05-12

💥Exploits & PoCs

1
Exploit-DB
Lenovo System Update - Local Privilege Escalation (Metasploit)2015-04-12
CVE-2015-2219 (HIGH CVSS 7.2) | Lenovo System Update (formerly Thin | cvebase.io