Predictable Security Tokens in Lenovo System Update Allows Privilege Escalation

Predictable Security Tokens in Lenovo System Update Allows Privilege Escalation

CVE-2015-2219 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.