CVE-2015-2233

CWE-3105 documents4 sources
Severity
8.3HIGH
EPSS
0.1%
top 76.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo System Update
Timeline
PublishedMay 12
Latest updateMay 17

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages1 packages

NVDlenovo/system_update5.06.0027

🔴Vulnerability Details

2
GHSA
GHSA-fqpg-f87m-4pv9: Lenovo System Update (formerly ThinkVantage System Update) before 52022-05-17
CVEList
CVE-2015-2233: Lenovo System Update (formerly ThinkVantage System Update) before 52015-05-12

💬Community

2
Bugzilla
CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion2014-10-10
Bugzilla
CVE-2014-8240 tigervnc: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling2014-10-10
CVE-2015-2233 (HIGH CVSS 8.3) | Lenovo System Update (formerly Thin | cvebase.io