CVE-2015-6971

CWE-77Command Injection3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 69.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo System Update
Timeline
PublishedOct 3
Latest updateMay 17

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDlenovo/system_update5.06.0034

🔴Vulnerability Details

2
GHSA
GHSA-vmc6-mwr4-rfxp: Lenovo System Update (formerly ThinkVantage System Update) before 52022-05-17
CVEList
CVE-2015-6971: Lenovo System Update (formerly ThinkVantage System Update) before 52017-10-02
CVE-2015-6971 (HIGH CVSS 7.8) | Lenovo System Update (formerly Thin | cvebase.io