Vulnerabilites related to lenovo - air-14_2019
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synaptics:smart_audio_uwp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60911CE4-DC1E-420B-BAAF-A881C026CB35",
"versionEndExcluding": "1.0.83.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:5-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E8EF8E-6096-418B-BE88-6C0DE0B8DAF9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:air-14_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE2CE62-FD58-4DA5-8E36-E09DD34174A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:c340-14iwl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA81101-6A60-4F8C-A9AE-3D4DE12E3D4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:flex-14iwl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6826664-4C5F-4BD1-80F8-BB7E41198122",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s540-14iwl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64278716-BB66-437C-8829-97A05F3A636B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s540-14iwl_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFDFF08B-3CEA-4DB6-8B45-81113230FC40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_11e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247E4294-2547-4A1D-942A-170DA5DDB388",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AAD24C2-BA08-4827-A19A-33C4D71C573F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*",
"matchCriteriaId": "577AACCC-001A-4C73-B036-CA942080304F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:*",
"matchCriteriaId": "259D895B-9968-41CF-8DB4-FAAB5A4C04AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1D9347-9561-45A3-A434-3A0802BC8953",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37B871C5-73F4-43FF-BCF1-B9B1B52FAC31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA339604-9751-43FA-B76F-7F2171615EC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e450c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ACFA23-CA56-4350-971D-DEF9B1EB2ADB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e455:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE114D6-94A7-49E3-B59F-A15F5C0CA091",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e460:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A9D0E7-6995-4485-948D-1C6AE3DA0852",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e465:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37D1D5-96FF-43AD-963C-89263E578EAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3B20B-F86E-4D83-BFD1-A70BE06B55CB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e475:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7A17E2-C8F2-4AF0-BF87-14B3AD0EF75A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F18F059-A701-41EE-B711-46DC7B5A1389",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e485:-:*:*:*:*:*:*:*",
"matchCriteriaId": "342DF899-78B0-4573-B631-8E607AB569C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3647F05A-FE86-494A-BA16-0009C7ACB799",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e490s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50B892C3-C61F-452C-9A84-7824F4184F04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF19B858-DE7F-4A32-ACC3-ECEF1247FF45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e545:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6DD33-F8B0-4B7F-A777-4CDC8CDB5D5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "516C4759-773C-4975-AEF5-9976E0DFD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e550c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33A5B02A-5CAF-4313-BF39-56501EC5638E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e555:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5262D8E3-E4AB-433D-8752-043A12129A88",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1503BA-645A-4051-8DE7-1DCCACC5D25A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e565:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E98974C2-F0F8-4BB1-8AB6-10E71B3C614F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e570:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE35D0C7-721B-4AD7-A483-E1671C00C227",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e575:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F16C4BFE-5054-470D-9BF8-8A8B2DE3F4E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E574BA8-65D9-4836-B448-254D613DA86E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e585:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E9204-096A-43CF-BF1A-808691A2975B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_e590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D03AC004-4251-47AB-AE46-2BDD93F884D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_edge_e440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "594AB083-54EA-4BE3-9978-644E85CEA340",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_edge_e445:-:*:*:*:*:*:*:*",
"matchCriteriaId": "272C1500-E07F-4340-9207-F778C6AEB3CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FFC7C4-2CAF-440A-8ED8-F25EA19F86C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2187E37E-E3D6-467A-934C-D5613FBF8641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17DD928B-F0BF-44F1-9EA4-DC82233A2E69",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9E5785-3AC4-4BAF-BFA8-86C327C9183F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A581500-3F97-4B68-92F9-0EE9182603CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l460:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25DE4E9C-5296-4FB5-A2FD-363D4682E6D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0930094D-D5E5-4941-8C0C-1C8208310D68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "146462F0-69DA-4583-84C5-E1F2CE27E274",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3F27E4-1508-444A-ADC5-694B67383F56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3245C2B-CED0-442E-ADE4-240F77D8AEC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_p1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF379C36-AD7A-4C89-9636-2EC418D34D59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_p40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "164E0FD3-1B46-4D18-B640-B350CA464961",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_p53:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79A7D7F-7F46-4AD8-B90F-79E43B410E75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_p73:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5456AA95-094C-461C-85D4-22BDD23DF826",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_r490:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F639EA7-4C2E-4766-94E3-8ED531026119",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_r590:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87E9F1A6-F657-455D-979E-15493E698542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB8219F-2EF5-4882-B007-86F9AE2ECEEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52944176-C48C-4439-B0F5-9584491867CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_3rd_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D41F220A-8F71-49A7-BE07-D0B885C6CEB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s2_yoga_4th_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D21EBE-E2DE-4FB3-93ED-0DD0B33C829B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B96D333-5403-49F1-8B53-1BD61BD8E0AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s3-s440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA02160-1D81-44CE-8B2E-594784303464",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s3_3rd_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C9FC9E-5E61-4890-A102-91B3461516F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s3_yoga_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B32CEBA9-DE1B-415F-9F7A-4D790E46AA4D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF7D68C-E60D-4181-9CD9-70111252B8D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D943E973-EEAF-48E6-BD8A-05C61EA4FD0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t450s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB7FFCD-F586-4846-9053-B56EA599D4EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D86FD3AD-D731-4C30-8A72-EC1A45B203F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E6AE13-913E-4FD7-A0DC-F554605F81B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8796BA28-2705-4798-A95C-A821BB941A03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B89E5E-808D-4500-A33D-3B86E8CB28D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08393A13-D68E-4042-B223-EF80E581EEBC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94532BBF-D9CF-4164-BACA-AFEA8C35806C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E1704F-6BB6-4B7C-ADE6-720533FB46E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C2E66F-B45C-4850-8C19-2AD84939173C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_3rd_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8D4BE6-6E87-4892-9E16-2799D0E0CA21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_4th_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24977327-E104-4F51-8CF1-6EF1FEAED9F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_5th_gen:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75F5B67B-0DFE-4FE3-B362-641DBE29A6C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_14_460_s3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F100E9-0BB9-4503-9B0D-20ECE5702568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30B0E5C1-5A7B-4310-A4D3-A12E1F059568",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5053055-975C-4074-A9BA-BEB2E055DDEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E32DEE9B-A1C0-4679-BDE3-21E57977443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v310-15igm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6636D55-E926-470B-A0A0-3E8EFD0ABCED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v330-15igm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018037E5-FBB5-4B50-AC0C-CE99EAE992DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "593CFCC6-4960-45EB-92C2-C8CA8757C103",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
},
{
"lang": "es",
"value": "Se report\u00f3 una vulnerabilidad de ruta de b\u00fasqueda sin comillas en versiones anteriores a 1.0.83.0 de la aplicaci\u00f3n Synaptics Smart Audio UWP asociada con los controladores de audio DCHU en las plataformas de Lenovo que podr\u00edan permitir a un usuario administrativo ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2020-8337",
"lastModified": "2024-11-21T05:38:44.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T20:15:22.773",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-8337
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/len-30707 | x_refsource_MISC | |
| https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Synaptics Smart Audio UWP App |
Version: unspecified < 1.0.83.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synaptics Smart Audio UWP App",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.83.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"datePublic": "2020-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:38",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2020-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Smart Audio UWP App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.83.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-30707",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
"refsource": "MISC",
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8337",
"datePublished": "2020-06-09T19:50:38.150822Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T18:38:25.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}