Lenovo · Lenovo Accelerator Application · CVE-2016-3944
**Name of the Vulnerable Software and Affected Versions**
Lenovo Accelerator Application (affected versions not specified)
**Description**
The issue allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from the `susapi.lenovomm.com` API endpoint. This is due to a flaw in the UpdateAgent component.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.