CVE-2015-8109

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
lenovolenovo_system_update
𝑥
≤ 5.07.0013
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
https://support.lenovo.com/us/en/product_security/lsu_privilege
http://www.securityfocus.com/bid/98039
https://ioactive.com/pdfs/IOActive_Advisory_Lenovo_SystemUpdate-Insecure-Random-Admin-Password.pdf
https://support.lenovo.com/us/en/product_security/lsu_privilege