KLA10572
Multiple vulnerabilities in Lenovo System Update
Updated: 06/01/2019
Detect date
04/14/2015
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges.

Below is a complete list of vulnerabilities:

  1. Lack of command piping restrictions can be exploited locally via named pipe manipulation;
  2. Lack of file signature verification can be exploited remotely via specially designed executable files;
  3. Lack of directory permission restrictions can be exploited locally via file manipulation.

Affected products

Lenovo System Update versions earlier than 5.06.0034

Solution

Update to the latest version
Get Lenovo System Update

Original advisories

IOActive advisory
Lenovo advisory

Impacts
SB 

PE 
CVE-IDS