Lucene search

[email protected]CVE-2018-16098

HistoryJan 24, 2019 - 10:29 p.m.

CVE-2018-16098

2019-01-2422:29:00

CWE-428

[email protected]

web.nvd.nist.gov

lenovo

thinkpads

unquoted search path

vulnerability

synaptics pointing device

driver

unauthorized code execution

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Affected configurations

NVD

Node

lenovosynaptics_thinkpad_ultranav_driverMatch18.0.7.119

AND

microsoftwindows_7Match-

microsoftwindows_8.1Match-pro_n

Node

lenovosynaptics_thinkpad_ultranav_driverMatch19.5.19.33

AND

microsoftwindows_10Match-

Node

lenovosynaptics_thinkpad_ultranav_driverMatch19.0.17.140

AND

microsoftwindows_7Match-

microsoftwindows_8.1Match-

Node

lenovosynaptics_thinkpad_ultranav_driverMatch19.3.4.219

AND

microsoftwindows_10Match-

microsoftwindows_7Match-

microsoftwindows_8.1Match-

Node

lenovosynaptics_thinkpad_ultranav_driverMatch16.2.19.23

AND

microsoftwindows_7Match-

microsoftwindows_8.1Match-

Node

lenovosynaptics_thinkpad_ultranav_driverMatch18.1.27.42

AND

microsoftwindows_7Match-

microsoftwindows_8.1Match-

Node

lenovothinkpad_helix_firmwareMatch-

AND

lenovothinkpad_helixMatch-

Node

lenovothiankpad_l430_firmwareMatch-

AND

lenovothiankpad_l430Match-

Node

lenovothiankpad_l530_firmwareMatch-

AND

lenovothiankpad_l530Match-

Node

lenovothiankpad_p1_firmwareMatch-

AND

lenovothiankpad_p1Match-

Node

lenovothiankpad_x1_extreme_firmwareMatch-

AND

lenovothiankpad_x1_extremeMatch-

Node

lenovothiankpad_p50s_firmwareMatch-

AND

lenovothiankpad_p50sMatch-

Node

lenovothiankpad_p51_firmwareMatch-

AND

lenovothiankpad_p51Match-

Node

lenovothiankpad_p51s_firmwareMatch-

AND

lenovothiankpad_p51sMatch-

Node

lenovothiankpad_p52s_firmwareMatch-

AND

lenovothiankpad_p52sMatch-

Node

lenovothiankpad_p70_firmwareMatch-

AND

lenovothiankpad_p70Match-

Node

lenovothiankpad_s1_yoga_firmwareMatch-

AND

lenovothiankpad_s1_yogaMatch-

Node

lenovothiankpad_s430_firmwareMatch-

AND

lenovothiankpad_s430Match-

Node

lenovothiankpad_t420_firmwareMatch-

AND

lenovothiankpad_t420Match-

Node

lenovothiankpad_t420i_firmwareMatch-

AND

lenovothiankpad_t420iMatch-

Node

lenovothinkpad_t420s_firmwareMatch-

AND

lenovothinkpad_t420sMatch-

Node

lenovothinkpad_t420si_firmwareMatch-

AND

lenovothinkpad_t420siMatch-

Node

lenovothinkpad_t430s_firmwareMatch-

AND

lenovothinkpad_t430sMatch-

Node

lenovothinkpad_t430i_firmwareMatch-

AND

lenovothinkpad_t430iMatch-

Node

lenovothinkpad_t430s_firmwareMatch-

AND

lenovothinkpad_t430sMatch-

Node

lenovothinkpad_t431s_firmwareMatch-

AND

lenovothinkpad_t431sMatch-

Node

lenovothinkpad_t440_firmwareMatch-

AND

lenovothinkpad_t440Match-

Node

lenovothinkpad_t440s_firmwareMatch-

AND

lenovothinkpad_t440sMatch-

Node

lenovothinkpad_t440p_firmwareMatch-

AND

lenovothinkpad_t440pMatch-

Node

lenovothinkpad_t460s_firmwareMatch-

AND

lenovothinkpad_t460sMatch-

Node

lenovothinkpad_t470_firmwareMatch-

AND

lenovothinkpad_t470Match-

Node

lenovothinkpad_t470s_firmwareMatch-

AND

lenovothinkpad_t470sMatch-

Node

lenovothinkpad_t430s_firmwareMatch-

AND

lenovothinkpad_t430sMatch-

Node

lenovothinkpad_t520_firmwareMatch-

AND

lenovothinkpad_t520Match-

Node

lenovothinkpad_t520i_firmwareMatch-

AND

lenovothinkpad_t520iMatch-

Node

lenovothinkpad_t530_firmwareMatch-

AND

lenovothinkpad_t530Match-

Node

lenovothinkpad_t530i_firmwareMatch-

AND

lenovothinkpad_t530iMatch-

Node

lenovothinkpad_t540_firmwareMatch-

AND

lenovothinkpad_t540Match-

Node

lenovothinkpad_t540p_firmwareMatch-

AND

lenovothinkpad_t540pMatch-

Node

lenovothinkpad_t550_firmwareMatch-

AND

lenovothinkpad_t550Match-

Node

lenovothinkpad_t560_firmwareMatch-

AND

lenovothinkpad_t560Match-

Node

lenovothinkpad_t570_firmwareMatch-

AND

lenovothinkpad_t570Match-

Node

lenovothinkpad_t580_firmwareMatch-

AND

lenovothinkpad_t580Match-

Node

lenovothinkpad_twist_firmwareMatch-

AND

lenovothinkpad_twistMatch-

Node

lenovothinkpad_s230u_firmwareMatch-

AND

lenovothinkpad_s230uMatch-

Node

lenovothinkpad_w530_firmwareMatch-

AND

lenovothinkpad_w530Match-

Node

lenovothinkpad_w540_firmwareMatch-

AND

lenovothinkpad_w540Match-

Node

lenovothinkpad_w541_firmwareMatch-

AND

lenovothinkpad_w541Match-

Node

lenovothinkpad_w550s_firmwareMatch-

AND

lenovothinkpad_w550sMatch-

Node

lenovothinkpad_x1_carbon_firmwareMatch-

AND

lenovothinkpad_x1_carbonMatch-

Node

lenovothinkpad_x1_yoga_firmwareMatch-

AND

lenovothinkpad_x1_yogaMatch-

Node

lenovothinkpad_x1_firmwareMatch-

AND

lenovothinkpad_x1Match-

Node

lenovothinkpad_x1_hybrid_firmwareMatch-

AND

lenovothinkpad_x1_hybridMatch-

Node

lenovothinkpad_x220_firmwareMatch-

AND

lenovothinkpad_x220Match-

Node

lenovothinkpad_x220i_firmwareMatch-

AND

lenovothinkpad_x220iMatch-

Node

lenovothinkpad_x220_tablet_firmwareMatch-

AND

lenovothinkpad_x220_tabletMatch-

Node

lenovothinkpad_x230_firmwareMatch-

AND

lenovothinkpad_x230Match-

Node

lenovothinkpad_x230i_firmwareMatch-

AND

lenovothinkpad_x230iMatch-

Node

lenovothinkpad_x230_tablet_firmwareMatch-

AND

lenovothinkpad_x230_tabletMatch-

Node

lenovothinkpad_x230i_tablet_firmwareMatch-

AND

lenovothinkpad_x230i_tabletMatch-

Node

lenovothinkpad_x230s_firmwareMatch-

AND

lenovothinkpad_x230sMatch-

Node

lenovothinkpad_x240s_firmwareMatch-

AND

lenovothinkpad_x240sMatch-

Node

lenovothinkpad_x240_firmwareMatch-

AND

lenovothinkpad_x240Match-

Node

lenovothinkpad_x250_firmwareMatch-

AND

lenovothinkpad_x250Match-

Node

lenovothinkpad_x280_firmwareMatch-

AND

lenovothinkpad_x280Match-

Node

lenovothinkpad_yoga_11e_firmwareMatch-

AND

lenovothinkpad_yoga_11eMatch-

CPENameOperatorVersion
lenovo:synaptics_thinkpad_ultranav_driverlenovo synaptics thinkpad ultranav drivereq18.0.7.119

CPE	Name	Operator	Version
lenovo:synaptics_thinkpad_ultranav_driver	lenovo synaptics thinkpad ultranav driver	eq	18.0.7.119

CNA Affected

[
  {
    "product": "Various ThinkPad products",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Various"
      }
    ]
  }
]

References

support.lenovo.com/bg/en/product_security/len-24573

support.lenovo.com/us/en/solutions/LEN-24573

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2018-16098

lenovo2 nvd1 cvelist1 prion1