CVE-2008-3249

N/A Unknown

Published: July 21, 2008 Modified: April 23, 2026

Description

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/30379

Source: cve@mitre.org

Patch Vendor Advisory

http://securitytracker.com/id?1020112

Source: cve@mitre.org

http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/492579

Source: cve@mitre.org

http://www.securityfocus.com/bid/29366

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42638

Source: cve@mitre.org

http://secunia.com/advisories/30379

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://securitytracker.com/id?1020112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/492579

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29366

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/42638

Source: af854a3a-2127-422b-91ae-364da2661108

12 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-255

Affected Vendors

lenovo

Related CVEs

CVE-2026-41279 N/A

CVE-2026-41278 N/A

CVE-2026-41277 N/A

CVE-2026-41276 N/A

CVE-2026-41275 N/A