CVE-2015-4596

CVE-2015-4596

by adidionxlm

Abstract Advisory Information

A security issue is affecting the product MouseSuite from the company LENOVO (http://www.lenovo.com). MouseSuite contains authorization issues allowing a basic user to perform vertical privilege escalation. The vendor has been informed about the vulnerability.

Version affected

Lenovo MouseSuite 6.72 and prior

Common Vulnerability Scoring System

6.8

Patches

A patch is available for MouseSuite 6.73.

Vulnerability Disclosure Timeline

  • 2015-06-11: Security note sent to Lenovo PSIRT about the vulnerability.
  • 2015-06-10: Response from Lenovo PSIRT opening an internal case (LEN-2015-066).
  • 2015-06-15: Ask for CVE ID to MITRE.
  • 2015-06-15: Contacting Lenovo PSIRT to advice them we choose to extend the time between the vendor contact and the disclosure date from 30 to 60 days.
  • 2015-06-16: Received CVE ID from MITRE (CVE-2015-4596).
  • 2015-07-28: The application have been updated by the vendor (https://support.lenovo.com/us/en/documents/pd026882)
  • 2015-08-19: An advisory have been published by the vendor (https://support.lenovo.com/us/en/product_security/len_2015_066)
Top