7 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.9%
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
securitytracker.com/id/1032268
support.lenovo.com/us/en/product_security/lsu_privilege
www.ioactive.com/pdfs/Lenovo_System_Update_Multiple_Privilege_Escalations.pdf
www.securityfocus.com/bid/74642