Описание
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.07.0013 (включая)
cpe:2.3:a:lenovo:lenovo_system_update:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
EPSS
Процентиль: 16%
0.00051
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-264