CVE-2015-8109 — Lenovo System Update vulnerability

CWE-2554 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 87.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo System Update

Timeline

PublishedApr 24

Latest updateMay 17

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶NVDlenovo/lenovo_system_update5.07.0013

🔴Vulnerability Details

GHSA

GHSA-v693-3jc7-988p: Lenovo System Update (formerly ThinkVantage System Update) before 5↗2022-05-17

▶

CVEList

CVE-2015-8109: Lenovo System Update (formerly ThinkVantage System Update) before 5↗2017-04-24

▶

📋Vendor Advisories

Apache

Apache httpd: CVE-2014-8109↗

▶