Lenovo System Update < 5.06.0034 Multiple Vulnerabilities

High Nessus Plugin ID 83736


The remote Windows host contains an application that is affected by multiple vulnerabilities.


The version of Lenovo System Update installed on the remote host is prior to 5.06.0034. It is, therefore, affected by the following vulnerabilities:

- A flaw exists in SUService.exe (the System Update service) because it generates security tokens for a named pipe in a predictable manner. A local attacker, by sending a valid token, can exploit this flaw to execute commands and gain elevated privileges. (CVE-2015-2219)

- A flaw exists due to a failure to properly validate the certificate authority chain when downloading updates. A man-in-the-middle attacker, using a crafted certificate, can exploit this flaw to inject malicious updates, thereby allowing the execution of arbitrary files.

- A flaw exists due to signature validation for updates occurring in a directory having world-writeable permissions. This can allow a local attacker to swap the update before it is installed and thereby gain elevated privileges. (CVE-2015-2234)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Lenovo System Update 5.06.0034 or later.

Plugin Details

Severity: High

ID: 83736

File Name: lenovo_su_5_6_0_34.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2015/05/21

Modified: 2017/11/27

Dependencies: 83737

Risk Information

Risk Factor: High


Base Score: 8.3

Temporal Score: 6.9

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:lenovo:system_update

Required KB Items: installed_sw/Lenovo System Update

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/04/14

Vulnerability Publication Date: 2015/04/14

Exploitable With

Metasploit (Lenovo System Update Privilege Escalation)

Reference Information

CVE: CVE-2015-2219, CVE-2015-2233, CVE-2015-2234

BID: 74634, 74642, 74649

OSVDB: 121521, 121522, 121523