What is CVE-2015-6971?

CVE-2015-6971 is a high-severity vulnerability in Lenovo System_update, classified under Command Injection. CVSS score: 7.8/10. Published 2017-10-03.

How severe is CVE-2015-6971?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Lenovo System_update

CVE-2015-6971

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (30.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo System_update
N/a — versions n/a

Weakness classification (CWE)

CWE-77 — Command Injection

References

cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-6971?: CVE-2015-6971 is a high-severity vulnerability in Lenovo System_update, classified under Command Injection. CVSS score: 7.8/10. Published 2017-10-03.
How severe is CVE-2015-6971?: High severity. CVSS v3 base score is 7.8 out of 10.