Lucene search

[email protected]CVE-2015-7336

HistoryMar 27, 2020 - 3:15 p.m.

CVE-2015-7336

2020-03-2715:15:11

CWE-347

[email protected]

web.nvd.nist.gov

107

cve-2015-7336

lenovo

system update

vulnerability

signature bypass

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Affected configurations

NVD

Node

lenovosystem_updateRange≤5.07.0008

CPENameOperatorVersion
lenovo:system_updatelenovo system updatele5.07.0008

CPE	Name	Operator	Version
lenovo:system_update	lenovo system update	le	5.07.0008

References

support.lenovo.com/us/en/product_security/lsu_privilege

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2015-7336

cvelist1 nvd1 prion1 lenovo2