Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18618

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Published

2020-07-22T14:15:14.737

Last Modified

2024-11-21T04:33:22.317

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	synaptics	vfs75xx_firmware	5.1.5.51	Yes
Operating System	synaptics	vfs75xx_firmware	5.1.337.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.1.3507.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.320.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.524.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.3109.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.3530.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.2.5024.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.3.3541.26	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.4.1116	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.8.1092	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.10.1100	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.10.1106	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.17.1099	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.17.1102	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.35.1058	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.502.79	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.512.1051	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2734.1050	Yes
Operating System	synaptics	vfs75xx_firmware	5.5.2810.1050	Yes
Hardware	synaptics	vfs75xx	-	No
Operating System	lenovo	thinkpad_25_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_25	-	No
Operating System	lenovo	thankpad_a475_firmware	< 5.02.3539.0026	Yes
Hardware	lenovo	thankpad_a475	-	No
Operating System	lenovo	thankpad_a485_firmware	< 5.03.3542.0026	Yes
Hardware	lenovo	thankpad_a485	-	No
Operating System	lenovo	thinkpad_e480_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e480	-	No
Operating System	lenovo	thinkpad_e580_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e580	-	No
Operating System	lenovo	thinkpad_e485_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e485	-	No
Operating System	lenovo	thinkpad_e585_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e585	-	No
Operating System	lenovo	thinkpad_e490s_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490s	-	No
Operating System	lenovo	thinkpad_s3_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_s3	-	No
Operating System	lenovo	thinkpad_e490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e490	-	No
Operating System	lenovo	thinkpad_e590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_e590	-	No
Operating System	lenovo	thinkpad_r490_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r490	-	No
Operating System	lenovo	thinkpad_r590_firmware	< 5.2.321.26	Yes
Hardware	lenovo	thinkpad_r590	-	No
Operating System	lenovo	thinkpad_l480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l480	-	No
Operating System	lenovo	thinkpad_l580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_l580	-	No
Operating System	lenovo	thinkpad_p1_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p1	-	No
Operating System	lenovo	thinkpad_p1_gen_2_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p1_gen_2	-	No
Operating System	lenovo	thinkpad_x1_extreme_2nd_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x1_extreme_2nd	-	No
Operating System	lenovo	thinkpad_p43s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p43s	-	No
Operating System	lenovo	thinkpad_p50_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p50	-	No
Operating System	lenovo	thinkpad_p51_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51	-	No
Operating System	lenovo	thinkpad_p51s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20kx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20kx\)	-	No
Operating System	lenovo	thinkpad_p51s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p51s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p52_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p52	-	No
Operating System	lenovo	thinkpad_p52s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p52s	-	No
Operating System	lenovo	thinkpad_p53_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53	-	No
Operating System	lenovo	thinkpad_p53s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_p53s	-	No
Operating System	lenovo	thinkpad_p70_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_p70	-	No
Operating System	lenovo	thinkpad_p71_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_p71_\(20hx\)	-	No
Operating System	lenovo	thinkpad_p72_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p72	-	No
Operating System	lenovo	thinkpad_p73_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_p73	-	No
Operating System	lenovo	thinkpad_t25_\(20k7\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t25_\(20k7\)	-	No
Operating System	lenovo	thinkpad_t460p_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460p	-	No
Operating System	lenovo	thinkpad_t460s_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_t460s	-	No
Operating System	lenovo	thinkpad_t470_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t470p_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470p	-	No
Operating System	lenovo	thinkpad_t470s_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t470s_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t470s_\(20jx\)	-	No
Operating System	lenovo	thinkpad_t480_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480	-	No
Operating System	lenovo	thinkpad_t480s_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t480s	-	No
Operating System	lenovo	thinkpad_t490_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490	-	No
Operating System	lenovo	thinkpad_t490s_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t490s	-	No
Operating System	lenovo	thinkpad_t570_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570_\(20hx\)	-	No
Operating System	lenovo	thinkpad_t570\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_t570\(20jx\)	-	No
Operating System	lenovo	thinkpad_t580_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_t590_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_t590	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20hx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20hx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_\(20kx\)_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_carbon_\(20kx\)	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_carbon	-	No
Operating System	lenovo	thinkpad_x1_yoga_4th_gen_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_4th_gen	-	No
Operating System	lenovo	thinkpad_x1_extreme_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_extreme	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< 5.5.40.1058	Yes
Hardware	lenovo	thinkpad_x1_tablet	-	No
Operating System	lenovo	thinkpad_x1_tablet_\(20jx\)_firmware	< 5.2.227.26	Yes
Hardware	lenovo	thinkpad_x1_tablet_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_x1_yoga	-	No
Operating System	lenovo	thinkpad_x1_yoga_\(20jx\)_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_\(20jx\)	-	No
Operating System	lenovo	thinkpad_x1_yoga_3rd_gen_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x1_yoga_3rd_gen	-	No
Operating System	lenovo	thinkpad_x270_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_x270	-	No
Operating System	lenovo	thinkpad_x280_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x280	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	< 5.3.3542.26	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_x390_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390	-	No
Operating System	lenovo	thinkpad_x390_yoga_firmware	< 6.0.36.1105	Yes
Hardware	lenovo	thinkpad_x390_yoga	-	No
Operating System	lenovo	thinkpad_yoga_370_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_s1_3rd_firmware	< 5.2.3540.26	Yes
Hardware	lenovo	thinkpad_s1_3rd	-	No
Operating System	lenovo	thinkpad_yoga_260_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_260	-	No
Operating System	lenovo	thinkpad_yoga_s1_firmware	< 5.1.338.26	Yes
Hardware	lenovo	thinkpad_yoga_s1	-	No
Operating System	lenovo	thinkpad_a275_firmware	< 5.2.3535.26	Yes
Hardware	lenovo	thinkpad_a275	-	No
Operating System	hp	elite_x2_1012_g2_firmware	< 5.2.5026.26	Yes
Hardware	hp	elite_x2_1012_g2	-	No
Operating System	hp	elite_x2_1013_g3_firmware	< 5.5.21.1099	Yes
Hardware	hp	elite_x2_1013_g3	-	No
Operating System	hp	elite_x2_g4_firmware	< 5.5.21.1099	Yes
Hardware	hp	elite_x2_g4	-	No
Operating System	hp	elitebook_1040_g4_firmware	< 5.2.5026.26	Yes
Hardware	hp	elitebook_1040_g4	-	No
Operating System	hp	elitebook_1050_g1_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_1050_g1	-	No
Operating System	hp	elitebook_735_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_735_g5	-	No
Operating System	hp	elitebook_735_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_735_g6	-	No
Operating System	hp	elitebook_745_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_745_g5	-	No
Operating System	hp	elitebook_745_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_745_g6	-	No
Operating System	hp	elitebook_755_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_755_g5	-	No
Operating System	hp	elitebook_830_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_830_g5	-	No
Operating System	hp	elitebook_830_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_830_g6	-	No
Operating System	hp	elitebook_836_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_836_g5	-	No
Operating System	hp	elitebook_836_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_836_g6	-	No
Operating System	hp	elitebook_840_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_840_g5	-	No
Operating System	hp	elitebook_840_g5_healthcare_edition_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_840_g5_healthcare_edition	-	No
Operating System	hp	elitebook_840_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_840_g6	-	No
Operating System	hp	elitebook_840_g6_healthcare_edition_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_840_g6_healthcare_edition	-	No
Operating System	hp	elitebook_846_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_846_g5	-	No
Operating System	hp	elitebook_846_g5_healthcare_edition_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_846_g5_healthcare_edition	-	No
Operating System	hp	elitebook_846_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_846_g6	-	No
Operating System	hp	elitebook_846_g6_healthcare_edition_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_846_g6_healthcare_edition	-	No
Operating System	hp	elitebook_850_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_850_g5	-	No
Operating System	hp	elitebook_850_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_850_g6	-	No
Operating System	hp	elitebook_x360_1020_g2_firmware	< 5.2.5026.26	Yes
Hardware	hp	elitebook_x360_1020_g2	-	No
Operating System	hp	elitebook_x360_1030_g2_firmware	< 5.2.5026.26	Yes
Hardware	hp	elitebook_x360_1030_g2	-	No
Operating System	hp	elitebook_x360_1030_g3_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_1030_g3	-	No
Operating System	hp	elitebook_x360_1030_g4_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_1030_g4	-	No
Operating System	hp	elitebook_x360_1040_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_1040_g5	-	No
Operating System	hp	elitebook_x360_1040_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_1040_g6	-	No
Operating System	hp	elitebook_x360_830_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_830_g5	-	No
Operating System	hp	elitebook_x360_830_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	elitebook_x360_830_g6	-	No
Operating System	hp	pro_x2_612_g2_firmware	< 5.2.5026.26	Yes
Hardware	hp	pro_x2_612_g2	-	No
Operating System	hp	probook_430_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_430_g6	-	No
Operating System	hp	probook_440_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_440_g6	-	No
Operating System	hp	probook_445_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_445_g6	-	No
Operating System	hp	probook_445r_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_445r_g6	-	No
Operating System	hp	probook_450_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_450_g6	-	No
Operating System	hp	probook_455_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_455_g6	-	No
Operating System	hp	probook_455r_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_455r_g6	-	No
Operating System	hp	probook_640_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_640_g5	-	No
Operating System	hp	probook_650_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	probook_650_g5	-	No
Operating System	hp	zbook_14u_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_14u_g5	-	No
Operating System	hp	zbook_14u_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_14u_g6	-	No
Operating System	hp	zbook_15_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_15_g5	-	No
Operating System	hp	zbook_15_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_15_g6	-	No
Operating System	hp	zbook_15u_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_15u_g5	-	No
Operating System	hp	zbook_15u_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_15u_g6	-	No
Operating System	hp	zbook_17_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_17_g5	-	No
Operating System	hp	zbook_17_g6_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_17_g6	-	No
Operating System	hp	zbook_studio_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_studio_g5	-	No
Operating System	hp	zbook_studio_x360_g5_firmware	< 5.5.21.1099	Yes
Hardware	hp	zbook_studio_x360_g5	-	No
Operating System	hp	zhan_66_pro_13_g2_firmware	< 5.5.21.1099	Yes
Hardware	hp	zhan_66_pro_13_g2	-	No
Operating System	hp	zhan_66_pro_14_g2_firmware	< 5.5.21.1099	Yes
Hardware	hp	zhan_66_pro_14_g2	-	No
Operating System	hp	zhan_66_pro_15_g2_firmware	< 5.5.21.1099	Yes
Hardware	hp	zhan_66_pro_15_g2	-	No
Operating System	hp	zhan_x_13_g2_firmware	< 5.5.21.1099	Yes
Hardware	hp	zhan_x_13_g2	-	No
Operating System	hp	elite_slice_firmware	< 5.2.3110.26	Yes
Hardware	hp	elite_slice	-	No
Operating System	hp	eliteone_1000_g1_firmware	< 5.2.5026.26	Yes
Hardware	hp	eliteone_1000_g1	-	No
Operating System	hp	eliteone_1000_g2_firmware	< 5.5.21.1099	Yes
Hardware	hp	eliteone_1000_g2	-	No
Operating System	hp	mt44_firmware	< 5.5.21.1099	Yes
Hardware	hp	mt44	-	No
Operating System	hp	mt45_firmware	< 5.5.21.1099	Yes
Hardware	hp	mt45	-	No
Operating System	hp	envy_x360_firmware	< 5.5.26.1102	Yes
Hardware	hp	envy_x360	-	No
Operating System	hp	pavilion_x360_firmware	< 5.5.8.1116	Yes
Hardware	hp	pavilion_x360	-	No
Operating System	hp	spectre_x360_firmware	< 5.5.26.1102	Yes
Hardware	hp	spectre_x360	-	No

References

https://support.hp.com/us-en/document/c06696474 Patch, Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory ([email protected])
https://www.synaptics.com/company/blog/ Vendor Advisory ([email protected])
https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/c06696474 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/company/blog/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)