CVE-2018-16098

EPSS 0.06%
Published 24.01.2019 22:29:00
Last modified 21.11.2024 03:52:06
Source psirt@lenovo.com
Teams watchlist Login
Open Login

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version18.0.7.119

Microsoft ≫ Windows 7 Version-
Microsoft ≫ Windows 8.1 Version- SwEditionpro_n

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version19.5.19.33

Microsoft ≫ Windows 10 Version-

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version19.0.17.140

Microsoft ≫ Windows 7 Version-
Microsoft ≫ Windows 8.1 Version-

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version19.3.4.219

   Microsoft ≫ Windows 10 Version-
   Microsoft ≫ Windows 7 Version-
   Microsoft ≫ Windows 8.1 Version-

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version16.2.19.23

Microsoft ≫ Windows 7 Version-
Microsoft ≫ Windows 8.1 Version-

Lenovo ≫ Synaptics Thinkpad Ultranav Driver Version18.1.27.42

Microsoft ≫ Windows 7 Version-
Microsoft ≫ Windows 8.1 Version-

Lenovo ≫ Thinkpad Helix Firmware Version-

Lenovo ≫ Thinkpad Helix Version-

Lenovo ≫ Thiankpad L430 Firmware Version-

Lenovo ≫ Thiankpad L430 Version-

Lenovo ≫ Thiankpad L530 Firmware Version-

Lenovo ≫ Thiankpad L530 Version-

Lenovo ≫ Thiankpad P1 Firmware Version-

Lenovo ≫ Thiankpad P1 Version-

Lenovo ≫ Thiankpad X1 Extreme Firmware Version-

Lenovo ≫ Thiankpad X1 Extreme Version-

Lenovo ≫ Thiankpad P50s Firmware Version-

Lenovo ≫ Thiankpad P50s Version-

Lenovo ≫ Thiankpad P51 Firmware Version-

Lenovo ≫ Thiankpad P51 Version-

Lenovo ≫ Thiankpad P51s Firmware Version-

Lenovo ≫ Thiankpad P51s Version-

Lenovo ≫ Thiankpad P52s Firmware Version-

Lenovo ≫ Thiankpad P52s Version-

Lenovo ≫ Thiankpad P70 Firmware Version-

Lenovo ≫ Thiankpad P70 Version-

Lenovo ≫ Thiankpad S1 Yoga Firmware Version-

Lenovo ≫ Thiankpad S1 Yoga Version-

Lenovo ≫ Thiankpad S430 Firmware Version-

Lenovo ≫ Thiankpad S430 Version-

Lenovo ≫ Thiankpad T420 Firmware Version-

Lenovo ≫ Thiankpad T420 Version-

Lenovo ≫ Thiankpad T420i Firmware Version-

Lenovo ≫ Thiankpad T420i Version-

Lenovo ≫ Thinkpad T420s Firmware Version-

Lenovo ≫ Thinkpad T420s Version-

Lenovo ≫ Thinkpad T420si Firmware Version-

Lenovo ≫ Thinkpad T420si Version-

Lenovo ≫ Thinkpad T430s Firmware Version-

Lenovo ≫ Thinkpad T430s Version-

Lenovo ≫ Thinkpad T430i Firmware Version-

Lenovo ≫ Thinkpad T430i Version-

Lenovo ≫ Thinkpad T430s Firmware Version-

Lenovo ≫ Thinkpad T430s Version-

Lenovo ≫ Thinkpad T431s Firmware Version-

Lenovo ≫ Thinkpad T431s Version-

Lenovo ≫ Thinkpad T440 Firmware Version-

Lenovo ≫ Thinkpad T440 Version-

Lenovo ≫ Thinkpad T440s Firmware Version-

Lenovo ≫ Thinkpad T440s Version-

Lenovo ≫ Thinkpad T440p Firmware Version-

Lenovo ≫ Thinkpad T440p Version-

Lenovo ≫ Thinkpad T460s Firmware Version-

Lenovo ≫ Thinkpad T460s Version-

Lenovo ≫ Thinkpad T470 Firmware Version-

Lenovo ≫ Thinkpad T470 Version-

Lenovo ≫ Thinkpad T470s Firmware Version-

Lenovo ≫ Thinkpad T470s Version-

Lenovo ≫ Thinkpad T430s Firmware Version-

Lenovo ≫ Thinkpad T430s Version-

Lenovo ≫ Thinkpad T520 Firmware Version-

Lenovo ≫ Thinkpad T520 Version-

Lenovo ≫ Thinkpad T520i Firmware Version-

Lenovo ≫ Thinkpad T520i Version-

Lenovo ≫ Thinkpad T530 Firmware Version-

Lenovo ≫ Thinkpad T530 Version-

Lenovo ≫ Thinkpad T530i Firmware Version-

Lenovo ≫ Thinkpad T530i Version-

Lenovo ≫ Thinkpad T540 Firmware Version-

Lenovo ≫ Thinkpad T540 Version-

Lenovo ≫ Thinkpad T540p Firmware Version-

Lenovo ≫ Thinkpad T540p Version-

Lenovo ≫ Thinkpad T550 Firmware Version-

Lenovo ≫ Thinkpad T550 Version-

Lenovo ≫ Thinkpad T560 Firmware Version-

Lenovo ≫ Thinkpad T560 Version-

Lenovo ≫ Thinkpad T570 Firmware Version-

Lenovo ≫ Thinkpad T570 Version-

Lenovo ≫ Thinkpad T580 Firmware Version-

Lenovo ≫ Thinkpad T580 Version-

Lenovo ≫ Thinkpad Twist Firmware Version-

Lenovo ≫ Thinkpad Twist Version-

Lenovo ≫ Thinkpad S230u Firmware Version-

Lenovo ≫ Thinkpad S230u Version-

Lenovo ≫ Thinkpad W530 Firmware Version-

Lenovo ≫ Thinkpad W530 Version-

Lenovo ≫ Thinkpad W540 Firmware Version-

Lenovo ≫ Thinkpad W540 Version-

Lenovo ≫ Thinkpad W541 Firmware Version-

Lenovo ≫ Thinkpad W541 Version-

Lenovo ≫ Thinkpad W550s Firmware Version-

Lenovo ≫ Thinkpad W550s Version-

Lenovo ≫ Thinkpad X1 Carbon Firmware Version-

Lenovo ≫ Thinkpad X1 Carbon Version-

Lenovo ≫ Thinkpad X1 Yoga Firmware Version-

Lenovo ≫ Thinkpad X1 Yoga Version-

Lenovo ≫ Thinkpad X1 Firmware Version-

Lenovo ≫ Thinkpad X1 Version-

Lenovo ≫ Thinkpad X1 Hybrid Firmware Version-

Lenovo ≫ Thinkpad X1 Hybrid Version-

Lenovo ≫ Thinkpad X220 Firmware Version-

Lenovo ≫ Thinkpad X220 Version-

Lenovo ≫ Thinkpad X220i Firmware Version-

Lenovo ≫ Thinkpad X220i Version-

Lenovo ≫ Thinkpad X220 Tablet Firmware Version-

Lenovo ≫ Thinkpad X220 Tablet Version-

Lenovo ≫ Thinkpad X230 Firmware Version-

Lenovo ≫ Thinkpad X230 Version-

Lenovo ≫ Thinkpad X230i Firmware Version-

Lenovo ≫ Thinkpad X230i Version-

Lenovo ≫ Thinkpad X230 Tablet Firmware Version-

Lenovo ≫ Thinkpad X230 Tablet Version-

Lenovo ≫ Thinkpad X230i Tablet Firmware Version-

Lenovo ≫ Thinkpad X230i Tablet Version-

Lenovo ≫ Thinkpad X230s Firmware Version-

Lenovo ≫ Thinkpad X230s Version-

Lenovo ≫ Thinkpad X240s Firmware Version-

Lenovo ≫ Thinkpad X240s Version-

Lenovo ≫ Thinkpad X240 Firmware Version-

Lenovo ≫ Thinkpad X240 Version-

Lenovo ≫ Thinkpad X250 Firmware Version-

Lenovo ≫ Thinkpad X250 Version-

Lenovo ≫ Thinkpad X280 Firmware Version-

Lenovo ≫ Thinkpad X280 Version-

Lenovo ≫ Thinkpad Yoga 11e Firmware Version-

Lenovo ≫ Thinkpad Yoga 11e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.139

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://support.lenovo.com/us/en/solutions/LEN-24573

Broken Link

https://support.lenovo.com/bg/en/product_security/len-24573

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16098

EUVD