7.8

CVE-2015-8110

Exploit

EPSS 0.05%
Veröffentlicht 24.04.2017 06:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Lenovo System Update Version <= 5.07.0013

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.126

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://support.lenovo.com/us/en/product_security/lsu_privilege

Vendor Advisory

http://www.securityfocus.com/bid/98037

Third Party Advisory

VDB Entry

https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-8110

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8110

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8110

EUVD