PT-2020-7881 · Lenovo · Lenovo System Update

Published

2020-03-27

Updated

2020-04-01

CVE-2015-7336

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Lenovo System Update versions 5.07.0008 and prior

Description: A vulnerability was reported in Lenovo System Update that could allow the signature check of an update to be bypassed. This issue was fixed and publicly disclosed in 2015.

Recommendations: For versions 5.07.0008 and prior, update to a version released after 2015 to resolve the issue. As a temporary workaround, consider restricting the use of the Lenovo System Update feature until a patch is applied.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2015-7336

Affected Products

Lenovo System Update

PT-2020-7881 · Lenovo · Lenovo System Update

CVE-2015-7336

Weakness Enumeration

Related Identifiers

Affected Products

References · 4