CVE-2015-8109
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
24/04/2017
Last modified:
20/04/2025
Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
Impact
Base Score 3.x
7.00
Severity 3.x
HIGH
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:lenovo:lenovo_system_update:*:*:*:*:*:*:*:* | 5.07.0013 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/98039
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
- https://support.lenovo.com/us/en/product_security/lsu_privilege
- http://www.securityfocus.com/bid/98039
- https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
- https://support.lenovo.com/us/en/product_security/lsu_privilege