CVE-2015-8110 Information

Description

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) \Click here to learn more\ or (2) \View privacy policy\ within the Tvsukernel.exe GUI application in the context of a temporary administrator account aka a \local privilege escalation vulnerability.\

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/98037 https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_TVSUkernel-Escalation-Privileges.pdf https://support.lenovo.com/us/en/product_security/lsu_privilege

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8