Abstract Advisory Information
A security issue is affecting the product MouseSuite from the company LENOVO (http://www.lenovo.com). MouseSuite contains authorization issues allowing a basic user to perform vertical privilege escalation. The vendor has been informed about the vulnerability.
Version affected
Lenovo MouseSuite 6.72 and prior
Common Vulnerability Scoring System
6.8
Patches
A patch is available for MouseSuite 6.73.
Vulnerability Disclosure Timeline
- 2015-06-11: Security note sent to Lenovo PSIRT about the vulnerability.
- 2015-06-10: Response from Lenovo PSIRT opening an internal case (LEN-2015-066).
- 2015-06-15: Ask for CVE ID to MITRE.
- 2015-06-15: Contacting Lenovo PSIRT to advice them we choose to extend the time between the vendor contact and the disclosure date from 30 to 60 days.
- 2015-06-16: Received CVE ID from MITRE (CVE-2015-4596).
- 2015-07-28: The application have been updated by the vendor (https://support.lenovo.com/us/en/documents/pd026882)
- 2015-08-19: An advisory have been published by the vendor (https://support.lenovo.com/us/en/product_security/len_2015_066)