Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10572
Multiple vulnerabilities in Lenovo System Update

Updated: 05/22/2020
Detect date
?
 04/14/2015
Severity
?
 Critical
Description

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges.

Below is a complete list of vulnerabilities

  1. Lack of command piping restrictions can be exploited locally via named pipe manipulations;
  2. Lack of file signatures verification can be exploited remotely via a specially designed executable files;
  3. Lack of directory permissions restrictions can be exploited locally via a files manipulations.
Affected products

Lenovo System Update versions earlier than 5.06.0034
Solution

Update to the latest version
Get Lenovo System Update
Original advisories

IOActive advisory
Lenovo advisory
Impacts
?
SB 
[?]

PE 
[?]
Related products
 Lenovo System Update
CVE-IDS
?
CVE-2015-22346.9High
CVE-2015-22338.3Critical
CVE-2015-22197.2High
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up