What is CVE-2015-2219?

CVE-2015-2219 is a vulnerability in Lenovo System_update, classified under CWE-264. Published 2015-05-12.

Is CVE-2015-2219 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Lenovo System_update

CVE-2015-2219

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe)…

EPSS: 0.296 (96.7th percentile) — read the EPSS interpretation.

Affected products

Lenovo System_update
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

74649 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1032268 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-2219?: CVE-2015-2219 is a vulnerability in Lenovo System_update, classified under CWE-264. Published 2015-05-12.
Is CVE-2015-2219 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.