Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8110

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

Published

2017-04-24T06:59:00.540

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lenovo	lenovo_system_update	≤ 5.07.0013	Yes

References

http://www.securityfocus.com/bid/98037 Third Party Advisory, VDB Entry ([email protected])
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf Exploit, Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/lsu_privilege Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/98037 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/lsu_privilege Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)