7.2

CVE-2020-8337

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SynapticsSmart Audio Uwp Version < 1.0.83.0
   Lenovo5-15ikb Version-
   LenovoAir-14 2019 Version-
   LenovoC340-14iwl Version-
   LenovoFlex-14iwl Version-
   LenovoS540-14iwl Version-
   LenovoS540-14iwl Touch Version-
   LenovoThinkpad 11e Version-
   LenovoThinkpad 13 Version-
   LenovoThinkpad A275 Version-
   LenovoThinkpad A285 Version-
   LenovoThinkpad A475 Version-
   LenovoThinkpad A485 Version-
   LenovoThinkpad E450 Version-
   LenovoThinkpad E450c Version-
   LenovoThinkpad E455 Version-
   LenovoThinkpad E460 Version-
   LenovoThinkpad E465 Version-
   LenovoThinkpad E470 Version-
   LenovoThinkpad E475 Version-
   LenovoThinkpad E480 Version-
   LenovoThinkpad E485 Version-
   LenovoThinkpad E490 Version-
   LenovoThinkpad E490s Version-
   LenovoThinkpad E540 Version-
   LenovoThinkpad E545 Version-
   LenovoThinkpad E550 Version-
   LenovoThinkpad E550c Version-
   LenovoThinkpad E555 Version-
   LenovoThinkpad E560 Version-
   LenovoThinkpad E565 Version-
   LenovoThinkpad E570 Version-
   LenovoThinkpad E575 Version-
   LenovoThinkpad E580 Version-
   LenovoThinkpad E585 Version-
   LenovoThinkpad E590 Version-
   LenovoThinkpad Edge E440 Version-
   LenovoThinkpad Edge E445 Version-
   LenovoThinkpad L380 Version-
   LenovoThinkpad L380 Yoga Version-
   LenovoThinkpad L390 Yoga Version-
   LenovoThinkpad L440 Version-
   LenovoThinkpad L450 Version-
   LenovoThinkpad L460 Version-
   LenovoThinkpad L470 Version-
   LenovoThinkpad L480 Version-
   LenovoThinkpad L540 Version-
   LenovoThinkpad L580 Version-
   LenovoThinkpad P1 Version-
   LenovoThinkpad P40 Version-
   LenovoThinkpad P53 Version-
   LenovoThinkpad P73 Version-
   LenovoThinkpad R490 Version-
   LenovoThinkpad R590 Version-
   LenovoThinkpad S1 3rd Version-
   LenovoThinkpad S1 Yoga 12 Version-
   LenovoThinkpad S2 Yoga 3rd Gen Version-
   LenovoThinkpad S2 Yoga 4th Gen Version-
   LenovoThinkpad S3 Version-
   LenovoThinkpad S3-s440 Version-
   LenovoThinkpad S3 3rd Gen Version-
   LenovoThinkpad S3 Yoga 14 Version-
   LenovoThinkpad S5 Version-
   LenovoThinkpad T450 Version-
   LenovoThinkpad T450s Version-
   LenovoThinkpad T460 Version-
   LenovoThinkpad T460p Version-
   LenovoThinkpad T470p Version-
   LenovoThinkpad X1 Extreme Version-
   LenovoThinkpad X260 Version-
   LenovoThinkpad X270 Version-
   LenovoThinkpad X380 Yoga Version-
   LenovoThinkpad Yoga 11e Version-
   LenovoThinkpad Yoga 11e 3rd Gen Version-
   LenovoThinkpad Yoga 11e 4th Gen Version-
   LenovoThinkpad Yoga 11e 5th Gen Version-
   LenovoThinkpad Yoga 14 460 S3 Version-
   LenovoThinkpad Yoga 370 Version-
   LenovoV130-15igm Version-
   LenovoV130-15ikb Version-
   LenovoV310-15igm Version-
   LenovoV330-15igm Version-
   LenovoYoga 14 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.