This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
A remote Windows host contains a program that is prone to a spoofing
The remote host is running ThinkVantage System Update, a software
distribution tool for Lenovo computers.
The version of System Update installed on the remote host reportedly
does not perform certificate chain verification when initiating an SSL
connection with an update server. An attacker who could redirect
connections to a malicious server could leverage this issue to send
specially crafted XML and EXE files in response to requests from
System Update, which would then lead to arbitrary code execution.
See also :
Upgrade to System Update 3.14 or later.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : true