Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lenovo System Update 权限许可和访问控制漏洞
Vulnerability Description
联想System Update(前称ThinkVantage System Update)是中国联想(Lenovo)公司的一套系统自动更新工具,它包括设备驱动更新、Windows系统补丁更新等。 Lenovo System Update 5.06.0034之前版本中存在安全漏洞,该漏洞源于程序使用可预测的安全令牌。本地攻击者可通过向System Update服务(SUService.exe)发送带有命令的有效令牌利用该漏洞获取权限。
CVSS Information
N/A
Vulnerability Type
N/A