CVE-2015-2219

Lenovo System Update < 5.06.0027 - Access Control

Title source: rule

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/41708

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Michael Milvich, Sofiane Talmat, h0ng10 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/lenovo_systemupdate.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id/1032268

[Vendor Advisory] http://support.lenovo.com/us/en/product_security/lsu_privilege

[Various Sources] http://www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74649

Scores

EPSS 0.2958

EPSS Percentile 96.6%

Details

CWE

CWE-264

Status published

Products (1)

lenovo/system_update < 5.06.0027

Published May 12, 2015

Tracked Since Feb 18, 2026