Vulnerability CVE-2018-16098

Vulnerability CVE-2018-16098

Published: 2019-01-24

Description:

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Type:

CWE-428

(Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Lenovo -> Thinkpad s230u firmware
Lenovo -> Thinkpad t540 firmware
Lenovo -> Thinkpad x220 tablet firmware
Lenovo -> Synaptics thinkpad ultranav driver
Lenovo -> Thinkpad t420s firmware
Lenovo -> Thinkpad t540p firmware
Lenovo -> Thinkpad x220i firmware
Lenovo -> Thiankpad l430 firmware
Lenovo -> Thinkpad t420si firmware
Lenovo -> Thinkpad t550 firmware
Lenovo -> Thinkpad x230 firmware
Lenovo -> Thiankpad l530 firmware
Lenovo -> Thinkpad t430i firmware
Lenovo -> Thinkpad t560 firmware
Lenovo -> Thinkpad x230 tablet firmware
Lenovo -> Thiankpad p1 firmware
Lenovo -> Thinkpad t430s firmware
Lenovo -> Thinkpad t570 firmware
Lenovo -> Thinkpad x230i firmware
Lenovo -> Thiankpad p50s firmware
Lenovo -> Thinkpad t431s firmware
Lenovo -> Thinkpad t580 firmware
Lenovo -> Thinkpad x230i tablet firmware
Lenovo -> Thiankpad p51 firmware
Lenovo -> Thinkpad t440 firmware
Lenovo -> Thinkpad twist firmware
Lenovo -> Thinkpad x230s firmware
Lenovo -> Thiankpad p51s firmware
Lenovo -> Thinkpad t440p firmware
Lenovo -> Thinkpad w530 firmware
Lenovo -> Thinkpad x240 firmware
Lenovo -> Thiankpad p52s firmware
Lenovo -> Thinkpad t440s firmware
Lenovo -> Thinkpad w540 firmware
Lenovo -> Thinkpad x240s firmware
Lenovo -> Thiankpad p70 firmware
Lenovo -> Thinkpad t460s firmware
Lenovo -> Thinkpad w541 firmware
Lenovo -> Thinkpad x250 firmware
Lenovo -> Thiankpad s1 yoga firmware
Lenovo -> Thinkpad t470 firmware
Lenovo -> Thinkpad w550s firmware
Lenovo -> Thinkpad x280 firmware
Lenovo -> Thiankpad s430 firmware
Lenovo -> Thinkpad t470s firmware
Lenovo -> Thinkpad x1 carbon firmware
Lenovo -> Thinkpad yoga 11e firmware
Lenovo -> Thiankpad t420 firmware
Lenovo -> Thinkpad t520 firmware
Lenovo -> Thinkpad x1 firmware
Lenovo -> Thiankpad t420i firmware
Lenovo -> Thinkpad t520i firmware
Lenovo -> Thinkpad x1 hybrid firmware
Lenovo -> Thiankpad x1 extreme firmware
Lenovo -> Thinkpad t530 firmware
Lenovo -> Thinkpad x1 yoga firmware
Lenovo -> Thinkpad helix firmware
Lenovo -> Thinkpad t530i firmware
Lenovo -> Thinkpad x220 firmware

References:

https://support.lenovo.com/bg/en/product_security/len-24573

https://support.lenovo.com/us/en/solutions/LEN-24573

Vulnerability CVE-2018-16098

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

CWE-428

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

7.2/10

10/10

3.9/10

Local

Low

No required

Complete

Complete

Complete

Affected software

References: