Sign-up

ID

VAR-201901-0846


CVE

CVE-2018-16098


TITLE

plural Lenovo ThinkPad Product Synaptics Pointing Vulnerabilities related to unquoted search paths or elements in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014622

DESCRIPTION

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. plural Lenovo ThinkPad Product Synaptics Pointing The device contains a vulnerability with unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad Helix 20CG and others are notebook computer products of China Lenovo (Lenovo). Synaptics Pointing Device is one of the joystick and touchpad drivers. A security vulnerability exists in the Synaptics Pointing Device driver in several Lenovo products. An attacker could exploit this vulnerability to execute code. The following products are affected: Lenovo ThinkPad Helix 20CG; ThinkPad Helix 20CH; ThinkPad Helix (3xxx); ThinkPad L430/L530; ThinkPad P50 20EN; ThinkPad P50 20EQ;

Trust: 1.71

sources: NVD: CVE-2018-16098 // JVNDB: JVNDB-2018-014622 // VULHUB: VHN-126423

AFFECTED PRODUCTS

vendor:lenovomodel:thiankpad p51scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:19.5.19.33

Trust: 1.0

vendor:lenovomodel:thinkpad t470scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t530iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t540pscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad w550sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t431sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x230i tabletscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad p1scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad t420iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t430iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad s430scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x240sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x220scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad w541scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad yoga 11escope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x250scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x240scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:18.0.7.119

Trust: 1.0

vendor:lenovomodel:thiankpad t420scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t430sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t550scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t520iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t580scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad s1 yogascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t440pscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x230 tabletscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad l430scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t460sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t570scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad twistscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x1 carbonscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x230iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x280scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad p50sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x1 hybridscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x220iscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t530scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad s230uscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x1scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad w540scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t420sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:19.0.17.140

Trust: 1.0

vendor:lenovomodel:thinkpad t470sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t540scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x1 yogascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x230sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad p70scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:16.2.19.23

Trust: 1.0

vendor:lenovomodel:thinkpad t440scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad helixscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad p52sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:18.1.27.42

Trust: 1.0

vendor:lenovomodel:thiankpad l530scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t520scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x220 tabletscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t560scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thiankpad p51sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope:eqversion:19.3.4.219

Trust: 1.0

vendor:lenovomodel:thiankpad x1 extremescope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t440sscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad x230scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad w530scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:thinkpad t420siscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:synaptics thinkpad ultranav driverscope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad l430scope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad l530scope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad p1scope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad p50sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad p51scope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad p51sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad p52sscope: - version: -

Trust: 0.8

vendor:lenovomodel:thiankpad x1 extremescope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkpad helixscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014622 // NVD: CVE-2018-16098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16098
value: HIGH

Trust: 1.0

NVD: CVE-2018-16098
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-435
value: HIGH

Trust: 0.6

VULHUB: VHN-126423
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16098
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126423
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16098
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126423 // JVNDB: JVNDB-2018-014622 // CNNVD: CNNVD-201901-435 // NVD: CVE-2018-16098

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-126423 // JVNDB: JVNDB-2018-014622 // NVD: CVE-2018-16098

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-435

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-435

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014622

PATCH
title:LEN-24573url:https://support.lenovo.com/jp/ja/product_security/len-24573
Trust: 0.8
title:Multiple Lenovo product Synaptics Pointing Device Driver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88599
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014622 // 
            
            
            
            CNNVD: CNNVD-201901-435

EXTERNAL IDS
db:NVDid:CVE-2018-16098
Trust: 2.5
db:LENOVOid:LEN-24573
Trust: 1.7
db:JVNDBid:JVNDB-2018-014622
Trust: 0.8
db:CNNVDid:CNNVD-201901-435
Trust: 0.7
db:VULHUBid:VHN-126423
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126423 // 
            
            
            
            JVNDB: JVNDB-2018-014622 // 
            
            
            
            CNNVD: CNNVD-201901-435 // 
            
            
            
            NVD: CVE-2018-16098

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-24573
Trust: 1.7
url:https://support.lenovo.com/bg/en/product_security/len-24573
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16098
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-16098
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-24573
Trust: 0.6
sources:
            
            
            VULHUB: VHN-126423 // 
            
            
            
            JVNDB: JVNDB-2018-014622 // 
            
            
            
            CNNVD: CNNVD-201901-435 // 
            
            
            
            NVD: CVE-2018-16098

SOURCES
db:VULHUBid:VHN-126423
db:JVNDBid:JVNDB-2018-014622
db:CNNVDid:CNNVD-201901-435
db:NVDid:CVE-2018-16098

LAST UPDATE DATE
2024-11-23T23:01:53.697000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126423date:2019-05-08T00:00:00
db:JVNDBid:JVNDB-2018-014622date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201901-435date:2019-08-29T00:00:00
db:NVDid:CVE-2018-16098date:2024-11-21T03:52:06.210

SOURCES RELEASE DATE
db:VULHUBid:VHN-126423date:2019-01-24T00:00:00
db:JVNDBid:JVNDB-2018-014622date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201901-435date:2019-01-14T00:00:00
db:NVDid:CVE-2018-16098date:2019-01-24T22:29:00.260