Lenovo | LENOVO:PS500055-NOSID
History: Jan 19, 2017 - 12:00 a.m.

LEN-7814 Lenovo Solution Center Arbitrary Process Termination or Code Execution by Unprivileged Local Users

2017-01-19 00:00:00
support.lenovo.com
EPSS: 0.0004 (Low), Percentile: 5.1%

**Lenovo Security Advisory:** LEN-7814

**Potential Impact:** Arbitrary process termination or code execution by unprivileged local users

Severity: High

Scope of Impact: Lenovo specific

Summary Description:
Local privilege escalation vulnerabilities were identified in Lenovo Solution Center where unprivileged local users could terminate processes running at higher privilege levels (CVE-2016-5248) or execute arbitrary code (CVE-2016-5249) with LocalSystem account privileges.

The Lenovo Solution Center (LSC) is a software application created by Lenovo that allows users to perform diagnostic functions and quickly identify the status of PC system hardware and software health, network connections and the presence of security features such as firewalls or antivirus programs.

Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo has released an updated version of Lenovo Solution Center that addresses these vulnerabilities. Lenovo is providing this update through several channels to ensure that as many users as possible get the update as described below:

1) Updating via Lenovo Solution Center:
Users should open Lenovo Solution Center and they will be presented with a prompt to automatically update LSC to the latest version. Depending on the version of Lenovo Solution Center installed, select either “Yes” or “Update Now” when presented with the prompt.

2) Updating via the Lenovo System Update utility
Open Lenovo System Update and click Next to Get new updates. Follow the prompts to update your system with the latest version of Lenovo Solution Center.

3) Updating via direct download
Click on the download link from the following website. Follow the instructions in the readme file to install the update manually: <https://support.lenovo.com/lenovodiagnosticsolutions/downloads>

4) Updating via the One Key Optimizer utility
Open Lenovo OneKey Optimizer. Click on “Update” and follow the prompts to update your system with the latest version of Lenovo Solution Center.

Product Impact:
Versions earlier than 3.3.003 of Lenovo Solution Center may be impacted by these vulnerabilities.
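
A way to check a Windows host against the version threshold above, as an added example that is not part of Lenovo's advisory. It assumes LSC registers a machine-wide uninstall entry whose DisplayName contains "Lenovo Solution Center" and whose DisplayVersion is a dotted numeric string; neither detail is stated on this page.

```powershell
# Added example: flag Lenovo Solution Center installs older than the fixed version.
# Assumption: the DisplayName pattern and DisplayVersion format below are not
# taken from the advisory; adjust them to match what your fleet actually reports.
$FixedVersion = [version]'3.3.003'   # threshold from "Product Impact"; parses as 3.3.3

# Standard machine-wide uninstall keys (64-bit view and 32-bit view).
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-LscInstall {
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Lenovo Solution Center*' } |
        ForEach-Object {
            $parsed = $null
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            # An unparseable version is reported as Unknown, never as Patched.
            if (-not $ok) {
                $status = 'Unknown'
            } elseif ($parsed -lt $FixedVersion) {
                $status = 'Vulnerable'
            } else {
                $status = 'Patched'
            }

            [pscustomobject]@{
                Computer       = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Status         = $status
            }
        }
}

$found = @(Get-LscInstall)
if ($found.Count -eq 0) {
    Write-Output 'Lenovo Solution Center not found in the machine-wide uninstall keys.'
} else {
    $found | Format-Table -AutoSize
    # Non-zero exit lets a deployment tool or scheduled task flag the host.
    if ($found.Status -contains 'Vulnerable' -or $found.Status -contains 'Unknown') { exit 1 }
}
```

Hosts reported as Vulnerable or Unknown should be updated through one of the channels listed under the mitigation steps and then re-checked.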

Acknowledgements:
Lenovo thanks Martin Rakhmanov of Trustwave’s SpiderLabs for reporting these vulnerabilities.

Other information and references:
CVE-2016-5248; CVE-2016-5249

Revision History:

Revision | Date | Description
---|---|---
1.1 | 2016-07-11 | Added update method via One Key Optimizer utility
1.0 | 2016-06-23 | Initial release
