PT-2020-7879 · Lenovo · Lenovo System Update

Published

2020-03-27

Updated

2020-03-30

CVE-2015-7334

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Lenovo System Update versions 5.07.0008 and prior

Description: A local privilege escalation issue was reported in Lenovo System Update, where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. This issue was fixed and publicly disclosed in 2015.

Recommendations: For versions 5.07.0008 and prior, update to a version released after 2015 to resolve the issue. As a temporary workaround, consider restricting the use of the SUService.exe /type COMMAND type to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2015-7334

Affected Products

Lenovo System Update

PT-2020-7879 · Lenovo · Lenovo System Update

CVE-2015-7334

Weakness Enumeration

Related Identifiers

Affected Products

References · 4