Categories: US-Cert-Repository

Lenovo Computers Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: March 04, 2015

Lenovo consumer personal computers employing the pre-installed Superfish VisualDiscovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.

US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
10 years ago

Recent Posts

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

13 hours ago

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide…

2 days ago

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on July 8, 2025. These advisories provide…

4 days ago

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

5 days ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

7 days ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…

1 week ago

This website uses cookies.