CVE-2015-7336

Published: Mar 27, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Affected (1)

Products: Lenovo: System Update

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo System Update	Up to 5.07.0008

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: cve@mitre.org

Vendor Advisory

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.