PT-2020-7880 · Lenovo · Lenovo System Update

Published

2020-03-27

Updated

2020-03-30

CVE-2015-7335

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Lenovo System Update versions 5.07.0008 and prior

Description: A race condition was reported in Lenovo System Update that could allow a user to execute arbitrary code with elevated privileges. The issue was fixed and publicly disclosed in 2015.

Recommendations: For versions 5.07.0008 and prior, update to a version released after 2015 to resolve the issue. As a temporary workaround, consider restricting the use of the Lenovo System Update until a patch is applied.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2015-7335

Affected Products

Lenovo System Update

PT-2020-7880 · Lenovo · Lenovo System Update

CVE-2015-7335

Weakness Enumeration

Related Identifiers

Affected Products

References · 4