Lenovo Superfish Adware HTTPS Spoofing Vulnerability

Last Update Date: 23 Feb 2015 11:12 Release Date: 23 Feb 2015 3298 Views

RISK: Medium Risk

Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

 

A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser.

Impact

  • Information Disclosure
  • Spoofing

System / Technologies affected

Superfish may have appeared on these models:

  • G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
  • U Series: U330P, U430P, U330Touch, U430Touch, U530Touch 
  • Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
  • Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
  • S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
  • Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
  • MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
  • YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
  • E Series: E10-30

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Cisco ASR 5000 Series Software SNMP Processing Vulnerability

18 Feb 2015 2918 Views

Next

Samba Remote Code Execution Vulnerability

24 Feb 2015 2812 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY