← back
CVE-2015-2219

CVE-2015-2219

38Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 4.1%
from disclosure to weapon0 days
Published on NVDMay 12
1st PoCApr 12
metasploitApr 12
exploitation probability
4.1%top 10% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.