CVE-2015-8110

Published: Apr 24, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

Affected (1)

Products: Lenovo: Lenovo System Update

1 product

Lenovo System Update

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Lenovo System Update	Up to 5.07.0013

Related CWEs

References (6)

http://www.securityfocus.com/bid/98037

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/98037

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://support.lenovo.com/us/en/product_security/lsu_privilege

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.