Privilege Escalation via Race Condition in Lenovo System Update

Privilege Escalation via Race Condition in Lenovo System Update

CVE-2015-2234 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

Learn more about our User Device Pen Test.