CVE-2015-6971

Published: Oct 3, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

Affected (1)

Products: Lenovo: System Update

Lenovo

1 product

System Update

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo System Update	Up to 5.06.0034

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: cve@mitre.org

Vendor Advisory

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172

Source: cve@mitre.org

ExploitThird Party Advisory

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-018/?fid=7172

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.