ID

VAR-202003-1198


CVE

CVE-2015-7336


TITLE

Lenovo System Update Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008634

DESCRIPTION

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. A digital signature validation vulnerability exists in Lenovo System Update. Information may be tampered with. Lenovo System Update is an application from Lenovo (China) that checks for driver updates and installs them. Security vulnerabilities exist in Lenovo System Update 5.07.0008 and earlier versions. An attacker could exploit this vulnerability to bypass signature checks for updates.

Trust: 1.8

sources: NVD: CVE-2015-7336 // JVNDB: JVNDB-2015-008634 // VULHUB: VHN-85297 // VULMON: CVE-2015-7336

AFFECTED PRODUCTS

vendor: lenovo, model: system update, scope: lte, version: 5.07.0008

Trust: 1.0

vendor: lenovo, model: system update, scope: eq, version: 5.07.0008

Trust: 0.8

sources: JVNDB: JVNDB-2015-008634 // NVD: CVE-2015-7336

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7336
value: HIGH

Trust: 1.0

NVD: JVNDB-2015-008634
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202003-1670
value: HIGH

Trust: 0.6

VULHUB: VHN-85297
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2015-008634
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-85297
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7336
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008634
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-85297 // VULMON: CVE-2015-7336 // JVNDB: JVNDB-2015-008634 // CNNVD: CNNVD-202003-1670 // NVD: CVE-2015-7336

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-85297 // JVNDB: JVNDB-2015-008634 // NVD: CVE-2015-7336

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-1670

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202003-1670

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008634

PATCH

title: LEN-2015-011, url: https://support.lenovo.com/us/en/product_security/lsu_privilege

Trust: 0.8

sources: JVNDB: JVNDB-2015-008634

EXTERNAL IDS

db: NVD, id: CVE-2015-7336

Trust: 2.6

db: JVNDB, id: JVNDB-2015-008634

Trust: 0.8

db: CNNVD, id: CNNVD-202003-1670

Trust: 0.7

db: VULHUB, id: VHN-85297

Trust: 0.1

db: VULMON, id: CVE-2015-7336

Trust: 0.1

sources: VULHUB: VHN-85297 // VULMON: CVE-2015-7336 // JVNDB: JVNDB-2015-008634 // CNNVD: CNNVD-202003-1670 // NVD: CVE-2015-7336

REFERENCES

url:https://support.lenovo.com/us/en/product_security/lsu_privilege

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7336

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7336

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/347.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-85297 // VULMON: CVE-2015-7336 // JVNDB: JVNDB-2015-008634 // CNNVD: CNNVD-202003-1670 // NVD: CVE-2015-7336

SOURCES

db: VULHUB, id: VHN-85297
db: VULMON, id: CVE-2015-7336
db: JVNDB, id: JVNDB-2015-008634
db: CNNVD, id: CNNVD-202003-1670
db: NVD, id: CVE-2015-7336

LAST UPDATE DATE

2024-11-23T22:11:35.804000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-85297, date: 2020-04-01T00:00:00
db: VULMON, id: CVE-2015-7336, date: 2020-04-01T00:00:00
db: JVNDB, id: JVNDB-2015-008634, date: 2020-04-17T00:00:00
db: CNNVD, id: CNNVD-202003-1670, date: 2020-04-03T00:00:00
db: NVD, id: CVE-2015-7336, date: 2024-11-21T02:36:36.740

SOURCES RELEASE DATE

db: VULHUB, id: VHN-85297, date: 2020-03-27T00:00:00
db: VULMON, id: CVE-2015-7336, date: 2020-03-27T00:00:00
db: JVNDB, id: JVNDB-2015-008634, date: 2020-04-17T00:00:00
db: CNNVD, id: CNNVD-202003-1670, date: 2020-03-27T00:00:00
db: NVD, id: CVE-2015-7336, date: 2020-03-27T15:15:11.710