Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15596

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

Published

2020-08-12T22:15:12.453

Last Modified

2024-11-21T05:05:49.603

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	elite_x2_1012_g1_firmware	< 8.2206.1717.166	Yes
Hardware	hp	elite_x2_1012_g1	-	No
Operating System	hp	elite_x2_1012_g2_firmware	< 8.2206.1717.634	Yes
Hardware	hp	elite_x2_1012_g2	-	No
Operating System	hp	elitebook_1030_g1_firmware	< 8.2206.1717.166	Yes
Hardware	hp	elitebook_1030_g1	-	No
Operating System	hp	elitebook_1040_g4_firmware	< 8.2206.1717.634	Yes
Hardware	hp	elitebook_1040_g4	-	No
Operating System	hp	elitebook_folio_1040_g3_firmware	< 8.2206.1717.166	Yes
Hardware	hp	elitebook_folio_1040_g3	-	No
Operating System	hp	elitebook_folio_g1_firmware	< 8.2206.1717.166	Yes
Hardware	hp	elitebook_folio_g1	-	No
Operating System	hp	elitebook_revolve_810_g2_firmware	< 10.1201.1717.108	Yes
Hardware	hp	elitebook_revolve_810_g2	-	No
Operating System	hp	elitebook_revolve_810_g3_firmware	< 10.1201.1717.108	Yes
Hardware	hp	elitebook_revolve_810_g3	-	No
Operating System	hp	elitebook_x360_1020_g2_firmware	< 8.2206.1717.634	Yes
Hardware	hp	elitebook_x360_1020_g2	-	No
Operating System	hp	elitebook_x360_1030_g2_firmware	< 8.2206.1717.634	Yes
Hardware	hp	elitebook_x360_1030_g2	-	No
Operating System	hp	pro_x2_612_g2_firmware	< 8.2206.1717.634	Yes
Hardware	hp	pro_x2_612_g2	-	No
Operating System	hp	zbook_studio_g3_firmware	< 8.2206.1717.166	Yes
Hardware	hp	zbook_studio_g3	-	No
Operating System	hp	zbook_studio_g4_firmware	< 8.2206.1717.634	Yes
Hardware	hp	zbook_studio_g4	-	No
Operating System	hp	zbook_x2_g4_firmware	< 8.2206.1717.634	Yes
Hardware	hp	zbook_x2_g4	-	No

References

https://seclists.org/fulldisclosure/2020/Jul/30 Mailing List, Third Party Advisory ([email protected])
https://support.hp.com/document/c06706305 Vendor Advisory ([email protected])
https://seclists.org/fulldisclosure/2020/Jul/30 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hp.com/document/c06706305 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)