CVE-2018-16098
Severity: Unknown | EPSS: 0.40%
CVE-2018-16098 is a vulnerability of currently unknown severity. In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Synaptics Thinkpad Ultranav Driver | 18.0.7.119 |
| Lenovo | Synaptics Thinkpad Ultranav Driver | 19.5.19.33 |
| Lenovo | Synaptics Thinkpad Ultranav Driver | 19.0.17.140 |
| Lenovo | Synaptics Thinkpad Ultranav Driver | 19.3.4.219 |
| Lenovo | Synaptics Thinkpad Ultranav Driver | 16.2.19.23 |
| Lenovo | Synaptics Thinkpad Ultranav Driver | 18.1.27.42 |
| Lenovo | Thinkpad Helix Firmware | All versions |
| Lenovo | Thinkpad L430 Firmware | All versions |
| Lenovo | Thinkpad L530 Firmware | All versions |
| Lenovo | Thinkpad P1 Firmware | All versions |
| Lenovo | Thinkpad X1 Extreme Firmware | All versions |
| Lenovo | Thinkpad P50s Firmware | All versions |
| Lenovo | Thinkpad P51 Firmware | All versions |
| Lenovo | Thinkpad P51s Firmware | All versions |
| Lenovo | Thinkpad P52s Firmware | All versions |
| Lenovo | Thinkpad P70 Firmware | All versions |
| Lenovo | Thinkpad S1 Yoga Firmware | All versions |
| Lenovo | Thinkpad S430 Firmware | All versions |
| Lenovo | Thinkpad T420 Firmware | All versions |
| Lenovo | Thinkpad T420i Firmware | All versions |
| Lenovo | Thinkpad T420s Firmware | All versions |
| Lenovo | Thinkpad T420si Firmware | All versions |
| Lenovo | Thinkpad T430s Firmware | All versions |
| Lenovo | Thinkpad T430i Firmware | All versions |
| Lenovo | Thinkpad T431s Firmware | All versions |
| Lenovo | Thinkpad T440 Firmware | All versions |
| Lenovo | Thinkpad T440s Firmware | All versions |
| Lenovo | Thinkpad T440p Firmware | All versions |
| Lenovo | Thinkpad T460s Firmware | All versions |
| Lenovo | Thinkpad T470 Firmware | All versions |
| Lenovo | Thinkpad T470s Firmware | All versions |
| Lenovo | Thinkpad T520 Firmware | All versions |
| Lenovo | Thinkpad T520i Firmware | All versions |
| Lenovo | Thinkpad T530 Firmware | All versions |
| Lenovo | Thinkpad T530i Firmware | All versions |
| Lenovo | Thinkpad T540 Firmware | All versions |
| Lenovo | Thinkpad T540p Firmware | All versions |
| Lenovo | Thinkpad T550 Firmware | All versions |
| Lenovo | Thinkpad T560 Firmware | All versions |
| Lenovo | Thinkpad T570 Firmware | All versions |
| Lenovo | Thinkpad T580 Firmware | All versions |
| Lenovo | Thinkpad Twist Firmware | All versions |
| Lenovo | Thinkpad S230u Firmware | All versions |
| Lenovo | Thinkpad W530 Firmware | All versions |
| Lenovo | Thinkpad W540 Firmware | All versions |
| Lenovo | Thinkpad W541 Firmware | All versions |
| Lenovo | Thinkpad W550s Firmware | All versions |
| Lenovo | Thinkpad X1 Carbon Firmware | All versions |
| Lenovo | Thinkpad X1 Yoga Firmware | All versions |
| Lenovo | Thinkpad X1 Firmware | All versions |
Showing 50 of 64 affected configurations. See NVD for the full list.
References
- https://support.lenovo.com/bg/en/product_security/len-24573 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2018-16098?
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
How severe is CVE-2018-16098?
Severity scoring for CVE-2018-16098 is pending analysis. The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2018-16098?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
