Lucene search

K
lenovoLenovoLENOVO:PS500331-NOSID
HistoryJun 05, 2020 - 4:29 a.m.

Synaptics Audio Driver Vulnerability - Lenovo Support US

2020-06-0504:29:09
support.lenovo.com
37

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.6%

Lenovo Security Advisory: LEN-30707

Potential Impact: Privilege escalation

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2020-8337

Summary Description:

An unquoted search path vulnerability was reported in Synaptics Audio Driver that could allow an administrative user to execute arbitrary code.

Mitigation Strategy for Customers (what you should do to protect yourself):

Synaptics recommends updating to the Synaptics Audio Driver version indicated for your model in the Product Impact section below.

Product Impact:

To download the version specified for your product below, follow these steps:

  1. Navigate to your product’s Drivers & Software page by going to https://support.lenovo.com/. PRC users should go to <https://newsupport.lenovo.com.cn/&gt;
  2. Searching for your product by name or machine type.
  3. Click Drivers & Software on the left menu panel.
  4. Click on Manual Update to browse by Component type.
  5. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Alternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.6%

Related for LENOVO:PS500331-NOSID