CVE-2015-7336 - OpenCVE

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	System Update

Configuration 1 [-]

cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/lsu_privilege	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-27T14:05:01

Updated: 2020-03-27T14:05:01

Reserved: 2015-09-23T00:00:00

Link: CVE-2015-7336

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-27T15:15:11.710

Modified: 2020-04-01T18:51:40.660

Link: CVE-2015-7336

JSON object: View

Redhat Information

No data.

CWE

CWE-347

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*", "matchCriteriaId": "7488711D-D790-4E7B-969D-B02E86C2F610", "versionEndIncluding": "5.07.0008", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed."}, {"lang": "es", "value": "MITRE est\u00e1 completando este ID porque fue asignado antes de que Lenovo se convirtiera en un CNA. Se report\u00f3 una vulnerabilidad (corregida y divulgada p\u00fablicamente en 2015) en Lenovo System Update versi\u00f3n 5.07.0008 y anteriores, que podr\u00eda permitir que la comprobaci\u00f3n de firma de una actualizaci\u00f3n sea omitida."}], "id": "CVE-2015-7336", "lastModified": "2020-04-01T18:51:40.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-27T15:15:11.710", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}