Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-16098

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Published

2019-01-24T22:29:00.260

Last Modified

2024-11-21T03:52:06.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lenovo	synaptics_thinkpad_ultranav_driver	18.0.7.119	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	-	No
Application	lenovo	synaptics_thinkpad_ultranav_driver	19.5.19.33	Yes
Operating System	microsoft	windows_10	-	No
Application	lenovo	synaptics_thinkpad_ultranav_driver	19.0.17.140	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	-	No
Application	lenovo	synaptics_thinkpad_ultranav_driver	19.3.4.219	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	-	No
Application	lenovo	synaptics_thinkpad_ultranav_driver	16.2.19.23	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	-	No
Application	lenovo	synaptics_thinkpad_ultranav_driver	18.1.27.42	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	-	No
Operating System	lenovo	thinkpad_helix_firmware	-	Yes
Hardware	lenovo	thinkpad_helix	-	No
Operating System	lenovo	thiankpad_l430_firmware	-	Yes
Hardware	lenovo	thiankpad_l430	-	No
Operating System	lenovo	thiankpad_l530_firmware	-	Yes
Hardware	lenovo	thiankpad_l530	-	No
Operating System	lenovo	thiankpad_p1_firmware	-	Yes
Hardware	lenovo	thiankpad_p1	-	No
Operating System	lenovo	thiankpad_x1_extreme_firmware	-	Yes
Hardware	lenovo	thiankpad_x1_extreme	-	No
Operating System	lenovo	thiankpad_p50s_firmware	-	Yes
Hardware	lenovo	thiankpad_p50s	-	No
Operating System	lenovo	thiankpad_p51_firmware	-	Yes
Hardware	lenovo	thiankpad_p51	-	No
Operating System	lenovo	thiankpad_p51s_firmware	-	Yes
Hardware	lenovo	thiankpad_p51s	-	No
Operating System	lenovo	thiankpad_p52s_firmware	-	Yes
Hardware	lenovo	thiankpad_p52s	-	No
Operating System	lenovo	thiankpad_p70_firmware	-	Yes
Hardware	lenovo	thiankpad_p70	-	No
Operating System	lenovo	thiankpad_s1_yoga_firmware	-	Yes
Hardware	lenovo	thiankpad_s1_yoga	-	No
Operating System	lenovo	thiankpad_s430_firmware	-	Yes
Hardware	lenovo	thiankpad_s430	-	No
Operating System	lenovo	thiankpad_t420_firmware	-	Yes
Hardware	lenovo	thiankpad_t420	-	No
Operating System	lenovo	thiankpad_t420i_firmware	-	Yes
Hardware	lenovo	thiankpad_t420i	-	No
Operating System	lenovo	thinkpad_t420s_firmware	-	Yes
Hardware	lenovo	thinkpad_t420s	-	No
Operating System	lenovo	thinkpad_t420si_firmware	-	Yes
Hardware	lenovo	thinkpad_t420si	-	No
Operating System	lenovo	thinkpad_t430s_firmware	-	Yes
Hardware	lenovo	thinkpad_t430s	-	No
Operating System	lenovo	thinkpad_t430i_firmware	-	Yes
Hardware	lenovo	thinkpad_t430i	-	No
Operating System	lenovo	thinkpad_t430s_firmware	-	Yes
Hardware	lenovo	thinkpad_t430s	-	No
Operating System	lenovo	thinkpad_t431s_firmware	-	Yes
Hardware	lenovo	thinkpad_t431s	-	No
Operating System	lenovo	thinkpad_t440_firmware	-	Yes
Hardware	lenovo	thinkpad_t440	-	No
Operating System	lenovo	thinkpad_t440s_firmware	-	Yes
Hardware	lenovo	thinkpad_t440s	-	No
Operating System	lenovo	thinkpad_t440p_firmware	-	Yes
Hardware	lenovo	thinkpad_t440p	-	No
Operating System	lenovo	thinkpad_t460s_firmware	-	Yes
Hardware	lenovo	thinkpad_t460s	-	No
Operating System	lenovo	thinkpad_t470_firmware	-	Yes
Hardware	lenovo	thinkpad_t470	-	No
Operating System	lenovo	thinkpad_t470s_firmware	-	Yes
Hardware	lenovo	thinkpad_t470s	-	No
Operating System	lenovo	thinkpad_t430s_firmware	-	Yes
Hardware	lenovo	thinkpad_t430s	-	No
Operating System	lenovo	thinkpad_t520_firmware	-	Yes
Hardware	lenovo	thinkpad_t520	-	No
Operating System	lenovo	thinkpad_t520i_firmware	-	Yes
Hardware	lenovo	thinkpad_t520i	-	No
Operating System	lenovo	thinkpad_t530_firmware	-	Yes
Hardware	lenovo	thinkpad_t530	-	No
Operating System	lenovo	thinkpad_t530i_firmware	-	Yes
Hardware	lenovo	thinkpad_t530i	-	No
Operating System	lenovo	thinkpad_t540_firmware	-	Yes
Hardware	lenovo	thinkpad_t540	-	No
Operating System	lenovo	thinkpad_t540p_firmware	-	Yes
Hardware	lenovo	thinkpad_t540p	-	No
Operating System	lenovo	thinkpad_t550_firmware	-	Yes
Hardware	lenovo	thinkpad_t550	-	No
Operating System	lenovo	thinkpad_t560_firmware	-	Yes
Hardware	lenovo	thinkpad_t560	-	No
Operating System	lenovo	thinkpad_t570_firmware	-	Yes
Hardware	lenovo	thinkpad_t570	-	No
Operating System	lenovo	thinkpad_t580_firmware	-	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_twist_firmware	-	Yes
Hardware	lenovo	thinkpad_twist	-	No
Operating System	lenovo	thinkpad_s230u_firmware	-	Yes
Hardware	lenovo	thinkpad_s230u	-	No
Operating System	lenovo	thinkpad_w530_firmware	-	Yes
Hardware	lenovo	thinkpad_w530	-	No
Operating System	lenovo	thinkpad_w540_firmware	-	Yes
Hardware	lenovo	thinkpad_w540	-	No
Operating System	lenovo	thinkpad_w541_firmware	-	Yes
Hardware	lenovo	thinkpad_w541	-	No
Operating System	lenovo	thinkpad_w550s_firmware	-	Yes
Hardware	lenovo	thinkpad_w550s	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	-	Yes
Hardware	lenovo	thinkpad_x1_carbon	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	-	Yes
Hardware	lenovo	thinkpad_x1_yoga	-	No
Operating System	lenovo	thinkpad_x1_firmware	-	Yes
Hardware	lenovo	thinkpad_x1	-	No
Operating System	lenovo	thinkpad_x1_hybrid_firmware	-	Yes
Hardware	lenovo	thinkpad_x1_hybrid	-	No
Operating System	lenovo	thinkpad_x220_firmware	-	Yes
Hardware	lenovo	thinkpad_x220	-	No
Operating System	lenovo	thinkpad_x220i_firmware	-	Yes
Hardware	lenovo	thinkpad_x220i	-	No
Operating System	lenovo	thinkpad_x220_tablet_firmware	-	Yes
Hardware	lenovo	thinkpad_x220_tablet	-	No
Operating System	lenovo	thinkpad_x230_firmware	-	Yes
Hardware	lenovo	thinkpad_x230	-	No
Operating System	lenovo	thinkpad_x230i_firmware	-	Yes
Hardware	lenovo	thinkpad_x230i	-	No
Operating System	lenovo	thinkpad_x230_tablet_firmware	-	Yes
Hardware	lenovo	thinkpad_x230_tablet	-	No
Operating System	lenovo	thinkpad_x230i_tablet_firmware	-	Yes
Hardware	lenovo	thinkpad_x230i_tablet	-	No
Operating System	lenovo	thinkpad_x230s_firmware	-	Yes
Hardware	lenovo	thinkpad_x230s	-	No
Operating System	lenovo	thinkpad_x240s_firmware	-	Yes
Hardware	lenovo	thinkpad_x240s	-	No
Operating System	lenovo	thinkpad_x240_firmware	-	Yes
Hardware	lenovo	thinkpad_x240	-	No
Operating System	lenovo	thinkpad_x250_firmware	-	Yes
Hardware	lenovo	thinkpad_x250	-	No
Operating System	lenovo	thinkpad_x280_firmware	-	Yes
Hardware	lenovo	thinkpad_x280	-	No
Operating System	lenovo	thinkpad_yoga_11e_firmware	-	Yes
Hardware	lenovo	thinkpad_yoga_11e	-	No

References

https://support.lenovo.com/us/en/solutions/LEN-24573 Broken Link ([email protected])
https://support.lenovo.com/bg/en/product_security/len-24573 Patch, Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/solutions/LEN-24573 Broken Link (af854a3a-2127-422b-91ae-364da2661108)