CVE-2015-7333

Published: Mar 27, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.

Affected (1)

Products: Lenovo: System Update

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo System Update	Up to 5.07.0008

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: cve@mitre.org

Vendor Advisory

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.