CVE-2018-16098


In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.8. Exploitation requires local system access and only low-level privileges, has relatively low complexity, and needs no user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It impacts 120 products from Lenovo, Microsoft and 117 others, so organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2019-01-24T22:29:00.260

Last Modified

2024-11-21T03:52:06.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-428

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application lenovo synaptics_thinkpad_ultranav_driver 18.0.7.119 Yes
Operating System microsoft windows_7 - No
Operating System microsoft windows_8.1 - No
Application lenovo synaptics_thinkpad_ultranav_driver 19.5.19.33 Yes
Operating System microsoft windows_10 - No
Application lenovo synaptics_thinkpad_ultranav_driver 19.0.17.140 Yes
Operating System microsoft windows_7 - No
Operating System microsoft windows_8.1 - No
Application lenovo synaptics_thinkpad_ultranav_driver 19.3.4.219 Yes
Operating System microsoft windows_10 - No
Operating System microsoft windows_7 - No
Operating System microsoft windows_8.1 - No
Application lenovo synaptics_thinkpad_ultranav_driver 16.2.19.23 Yes
Operating System microsoft windows_7 - No
Operating System microsoft windows_8.1 - No
Application lenovo synaptics_thinkpad_ultranav_driver 18.1.27.42 Yes
Operating System microsoft windows_7 - No
Operating System microsoft windows_8.1 - No
Operating System lenovo thinkpad_helix_firmware - Yes
Hardware lenovo thinkpad_helix - No
Operating System lenovo thiankpad_l430_firmware - Yes
Hardware lenovo thiankpad_l430 - No
Operating System lenovo thiankpad_l530_firmware - Yes
Hardware lenovo thiankpad_l530 - No
Operating System lenovo thiankpad_p1_firmware - Yes
Hardware lenovo thiankpad_p1 - No
Operating System lenovo thiankpad_x1_extreme_firmware - Yes
Hardware lenovo thiankpad_x1_extreme - No
Operating System lenovo thiankpad_p50s_firmware - Yes
Hardware lenovo thiankpad_p50s - No
Operating System lenovo thiankpad_p51_firmware - Yes
Hardware lenovo thiankpad_p51 - No
Operating System lenovo thiankpad_p51s_firmware - Yes
Hardware lenovo thiankpad_p51s - No
Operating System lenovo thiankpad_p52s_firmware - Yes
Hardware lenovo thiankpad_p52s - No
Operating System lenovo thiankpad_p70_firmware - Yes
Hardware lenovo thiankpad_p70 - No
Operating System lenovo thiankpad_s1_yoga_firmware - Yes
Hardware lenovo thiankpad_s1_yoga - No
Operating System lenovo thiankpad_s430_firmware - Yes
Hardware lenovo thiankpad_s430 - No
Operating System lenovo thiankpad_t420_firmware - Yes
Hardware lenovo thiankpad_t420 - No
Operating System lenovo thiankpad_t420i_firmware - Yes
Hardware lenovo thiankpad_t420i - No
Operating System lenovo thinkpad_t420s_firmware - Yes
Hardware lenovo thinkpad_t420s - No
Operating System lenovo thinkpad_t420si_firmware - Yes
Hardware lenovo thinkpad_t420si - No
Operating System lenovo thinkpad_t430s_firmware - Yes
Hardware lenovo thinkpad_t430s - No
Operating System lenovo thinkpad_t430i_firmware - Yes
Hardware lenovo thinkpad_t430i - No
Operating System lenovo thinkpad_t430s_firmware - Yes
Hardware lenovo thinkpad_t430s - No
Operating System lenovo thinkpad_t431s_firmware - Yes
Hardware lenovo thinkpad_t431s - No
Operating System lenovo thinkpad_t440_firmware - Yes
Hardware lenovo thinkpad_t440 - No
Operating System lenovo thinkpad_t440s_firmware - Yes
Hardware lenovo thinkpad_t440s - No
Operating System lenovo thinkpad_t440p_firmware - Yes
Hardware lenovo thinkpad_t440p - No
Operating System lenovo thinkpad_t460s_firmware - Yes
Hardware lenovo thinkpad_t460s - No
Operating System lenovo thinkpad_t470_firmware - Yes
Hardware lenovo thinkpad_t470 - No
Operating System lenovo thinkpad_t470s_firmware - Yes
Hardware lenovo thinkpad_t470s - No
Operating System lenovo thinkpad_t430s_firmware - Yes
Hardware lenovo thinkpad_t430s - No
Operating System lenovo thinkpad_t520_firmware - Yes
Hardware lenovo thinkpad_t520 - No
Operating System lenovo thinkpad_t520i_firmware - Yes
Hardware lenovo thinkpad_t520i - No
Operating System lenovo thinkpad_t530_firmware - Yes
Hardware lenovo thinkpad_t530 - No
Operating System lenovo thinkpad_t530i_firmware - Yes
Hardware lenovo thinkpad_t530i - No
Operating System lenovo thinkpad_t540_firmware - Yes
Hardware lenovo thinkpad_t540 - No
Operating System lenovo thinkpad_t540p_firmware - Yes
Hardware lenovo thinkpad_t540p - No
Operating System lenovo thinkpad_t550_firmware - Yes
Hardware lenovo thinkpad_t550 - No
Operating System lenovo thinkpad_t560_firmware - Yes
Hardware lenovo thinkpad_t560 - No
Operating System lenovo thinkpad_t570_firmware - Yes
Hardware lenovo thinkpad_t570 - No
Operating System lenovo thinkpad_t580_firmware - Yes
Hardware lenovo thinkpad_t580 - No
Operating System lenovo thinkpad_twist_firmware - Yes
Hardware lenovo thinkpad_twist - No
Operating System lenovo thinkpad_s230u_firmware - Yes
Hardware lenovo thinkpad_s230u - No
Operating System lenovo thinkpad_w530_firmware - Yes
Hardware lenovo thinkpad_w530 - No
Operating System lenovo thinkpad_w540_firmware - Yes
Hardware lenovo thinkpad_w540 - No
Operating System lenovo thinkpad_w541_firmware - Yes
Hardware lenovo thinkpad_w541 - No
Operating System lenovo thinkpad_w550s_firmware - Yes
Hardware lenovo thinkpad_w550s - No
Operating System lenovo thinkpad_x1_carbon_firmware - Yes
Hardware lenovo thinkpad_x1_carbon - No
Operating System lenovo thinkpad_x1_yoga_firmware - Yes
Hardware lenovo thinkpad_x1_yoga - No
Operating System lenovo thinkpad_x1_firmware - Yes
Hardware lenovo thinkpad_x1 - No
Operating System lenovo thinkpad_x1_hybrid_firmware - Yes
Hardware lenovo thinkpad_x1_hybrid - No
Operating System lenovo thinkpad_x220_firmware - Yes
Hardware lenovo thinkpad_x220 - No
Operating System lenovo thinkpad_x220i_firmware - Yes
Hardware lenovo thinkpad_x220i - No
Operating System lenovo thinkpad_x220_tablet_firmware - Yes
Hardware lenovo thinkpad_x220_tablet - No
Operating System lenovo thinkpad_x230_firmware - Yes
Hardware lenovo thinkpad_x230 - No
Operating System lenovo thinkpad_x230i_firmware - Yes
Hardware lenovo thinkpad_x230i - No
Operating System lenovo thinkpad_x230_tablet_firmware - Yes
Hardware lenovo thinkpad_x230_tablet - No
Operating System lenovo thinkpad_x230i_tablet_firmware - Yes
Hardware lenovo thinkpad_x230i_tablet - No
Operating System lenovo thinkpad_x230s_firmware - Yes
Hardware lenovo thinkpad_x230s - No
Operating System lenovo thinkpad_x240s_firmware - Yes
Hardware lenovo thinkpad_x240s - No
Operating System lenovo thinkpad_x240_firmware - Yes
Hardware lenovo thinkpad_x240 - No
Operating System lenovo thinkpad_x250_firmware - Yes
Hardware lenovo thinkpad_x250 - No
Operating System lenovo thinkpad_x280_firmware - Yes
Hardware lenovo thinkpad_x280 - No
Operating System lenovo thinkpad_yoga_11e_firmware - Yes
Hardware lenovo thinkpad_yoga_11e - No
