Lenovo System Update Vulnerability: Arbitrary File Execution via Crafted Certificate

CVE-2015-2233 · HIGH Severity

AV:A/AC:L/AU:N/C:C/I:C/A:C

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

Learn more about our Web Application Penetration Testing UK.