CVE-2015-7336Improper Verification of Cryptographic Signature in Lenovo System Update

CWE-347Improper Verification of Cryptographic Signature3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo System Update
Timeline
PublishedMar 27
Latest updateMay 24

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlenovo/system_update5.07.0008

🔴Vulnerability Details

2
GHSA
GHSA-wpvw-pr5h-hv7q: MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA2022-05-24
CVEList
CVE-2015-7336: MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA2020-03-27
CVE-2015-7336 — Lenovo System Update vulnerability | cvebase