Vulnerabilities > CVE-2015-8109 - Credentials Management vulnerability in Lenovo System Update 5.07.0013
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/98039
- http://www.securityfocus.com/bid/98039
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
- https://support.lenovo.com/us/en/product_security/lsu_privilege
- https://support.lenovo.com/us/en/product_security/lsu_privilege