Lenovo System Update
By the Year
In 2024 there have been 0 vulnerabilities in Lenovo System Update . Last year System Update had 2 security vulnerabilities published. Right now, System Update is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 7.80 |
| 2022 | 1 | 7.80 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.00 |
| 2019 | 1 | 7.50 |
| 2018 | 1 | 7.80 |
It may take a day or so for new System Update vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lenovo System Update Security Vulnerabilities
An uncontrolled search path vulnerability was reported in Lenovo System Update
CVE-2023-4632
7.8 - High
- November 08, 2023
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
A directory permissions management vulnerability in Lenovo System Update may
CVE-2022-4568
7.8 - High
- May 01, 2023
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
Incorrect Default Permissions
A vulnerability was reported in Lenovo System Update
CVE-2022-0354
7.8 - High
- April 22, 2022
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106
CVE-2020-8342
7 - High
- September 15, 2020
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
Race Condition
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088
CVE-2019-6175
7.5 - High
- September 26, 2019
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password
CVE-2018-9063
7.8 - High
- May 04, 2018
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lenovo System Update or by Lenovo? Click the Watch button to subscribe.
