Lenovo System Update Vulnerability: Arbitrary File Execution via Crafted Certificate
CVE-2015-2233 · HIGH Severity
AV:A/AC:L/AU:N/C:C/I:C/A:C
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
Learn more about our Web Application Penetration Testing UK.