CVE-2015-8109

Опубликовано: 24 апр. 2017

Источник: nvd

CVSS3: 7

CVSS2: 6.9

EPSS Низкий

Описание

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."

Ссылки

http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
Exploit
Third Party Advisory
https://support.lenovo.com/us/en/product_security/lsu_privilege
Vendor Advisory
http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
Exploit
Third Party Advisory
https://support.lenovo.com/us/en/product_security/lsu_privilege
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lenovo:lenovo_system_update:*:*:*:*:*:*:*:*

Версия до 5.07.0013 (включая)

EPSS

Процентиль: 13%

0.00043

Низкий

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-v693-3jc7-988p