CVE-2015-8110 β€” Improper Privilege Management in Lenovo System Update

CWE-2643 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo System Update
Timeline
PublishedApr 24
Latest updateMay 17

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

β–ΆNVDlenovo/lenovo_system_update5.07.0013

πŸ”΄Vulnerability Details

2
GHSA
GHSA-vmjj-g27m-wrq6: Lenovo System Update (formerly ThinkVantage System Update) before 5β†—2022-05-17
β–Ά
CVEList
CVE-2015-8110: Lenovo System Update (formerly ThinkVantage System Update) before 5β†—2017-04-24
β–Ά
CVE-2015-8110 β€” Improper Privilege Management in Lenovo | cvebase