Vulnerability CVE-2018-16098


Published: 2019-01-24

Description:
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Type:

CWE-428

(Unquoted Search Path or Element)

Vendor: Lenovo
Product: Synaptics thinkpad ultranav driver 
Version:
19.5.19.33
19.3.4.219
19.0.17.140
18.1.27.42
18.0.7.119
16.2.19.23
Product: Thinkpad t540p firmware 
Product: Thinkpad t520 firmware 
Product: Thinkpad t440p firmware 
Product: Thinkpad x240 firmware 
Product: Thinkpad t420si firmware 
Product: Thinkpad x230 firmware 
Product: Thiankpad t420i firmware 
Product: Thinkpad x1 hybrid firmware 
Product: Thiankpad p52s firmware 
Product: Thinkpad w540 firmware 
Product: Thiankpad l530 firmware 
Product: Thinkpad t560 firmware 
Product: Thinkpad t530 firmware 
Product: Thinkpad t460s firmware 
Product: Thinkpad x250 firmware 
Product: Thinkpad t430s firmware 
Product: Thinkpad x230i firmware 
Product: Thinkpad helix firmware 
Product: Thinkpad x220 firmware 
Product: Thiankpad s1 yoga firmware 
Product: Thinkpad w550s firmware 
Product: Thiankpad p50s firmware 
Product: Thinkpad t580 firmware 
Product: Thinkpad t540 firmware 
Product: Thinkpad t470s firmware 
Product: Thinkpad yoga 11e firmware 
Product: Thinkpad t440 firmware 
Product: Thinkpad x230s firmware 
Product: Thinkpad t420s firmware 
Product: Thinkpad x220i firmware 
Product: Thiankpad t420 firmware 
Product: Thinkpad x1 firmware 
Product: Thiankpad p51s firmware 
Product: Thinkpad w530 firmware 
Product: Thiankpad l430 firmware 
Product: Thinkpad t550 firmware 
Product: Thinkpad t520i firmware 
Product: Thinkpad t440s firmware 
Product: Thinkpad x240s firmware 
Product: Thinkpad t430i firmware 
Product: Thinkpad x230 tablet firmware 
Product: Thiankpad x1 extreme firmware 
Product: Thinkpad x1 yoga firmware 
Product: Thiankpad p70 firmware 
Product: Thinkpad w541 firmware 
Product: Thiankpad p1 firmware 
Product: Thinkpad t570 firmware 
Product: Thinkpad t530i firmware 
Product: Thinkpad t470 firmware 
Product: Thinkpad x280 firmware 
Product: Thinkpad t431s firmware 
Product: Thinkpad x230i tablet firmware 
Product: Thinkpad s230u firmware 
Product: Thinkpad x220 tablet firmware 
Product: Thiankpad s430 firmware 
Product: Thinkpad x1 carbon firmware 
Product: Thiankpad p51 firmware 
Product: Thinkpad twist firmware 

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://support.lenovo.com/bg/en/product_security/len-24573
https://support.lenovo.com/us/en/solutions/LEN-24573

Related CVE
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA version...
CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resum...
CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access ...
CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add ...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attac...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript ha...

Copyright 2019, cxsecurity.com

 

Back to Top