Описание
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.06.0027 (включая)
cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00026
Низкий
6.9 Medium
CVSS2
Дефекты
CWE-362
Связанные уязвимости
github
больше 3 лет назад
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
EPSS
Процентиль: 7%
0.00026
Низкий
6.9 Medium
CVSS2
Дефекты
CWE-362