← Back

CVE-2018-16098

nvd nist
Published: Jan 24, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

Affected (64)

Products: Lenovo: Synaptics Thinkpad Ultranav Driver, Thinkpad Helix Firmware, Thiankpad L430 Firmware, Thiankpad L530 Firmware, Thiankpad P1 Firmware, Thiankpad X1 Extreme Firmware, Thiankpad P50s Firmware, Thiankpad P51 Firmware, Thiankpad P51s Firmware, Thiankpad P52s Firmware, Thiankpad P70 Firmware, Thiankpad S1 Yoga Firmware, Thiankpad S430 Firmware, Thiankpad T420 Firmware, Thiankpad T420i Firmware, Thinkpad T420s Firmware, Thinkpad T420si Firmware, Thinkpad T430i Firmware, Thinkpad T431s Firmware, Thinkpad T440 Firmware, Thinkpad T440s Firmware, Thinkpad T440p Firmware, Thinkpad T460s Firmware, Thinkpad T470 Firmware, Thinkpad T470s Firmware, Thinkpad T430s Firmware, Thinkpad T520 Firmware, Thinkpad T520i Firmware, Thinkpad T530 Firmware, Thinkpad T530i Firmware, Thinkpad T540 Firmware, Thinkpad T540p Firmware, Thinkpad T550 Firmware, Thinkpad T560 Firmware, Thinkpad T570 Firmware, Thinkpad T580 Firmware, Thinkpad Twist Firmware, Thinkpad S230u Firmware, Thinkpad W530 Firmware, Thinkpad W540 Firmware, Thinkpad W541 Firmware, Thinkpad W550s Firmware, Thinkpad X1 Carbon Firmware, Thinkpad X1 Yoga Firmware, Thinkpad X1 Firmware, Thinkpad X1 Hybrid Firmware, Thinkpad X220 Firmware, Thinkpad X220i Firmware, Thinkpad X220 Tablet Firmware, Thinkpad X230 Firmware, Thinkpad X230i Firmware, Thinkpad X230 Tablet Firmware, Thinkpad X230i Tablet Firmware, Thinkpad X230s Firmware, Thinkpad X240s Firmware, Thinkpad X240 Firmware, Thinkpad X250 Firmware, Thinkpad X280 Firmware, Thinkpad Yoga 11e Firmware
Lenovo
59 products
Synaptics Thinkpad Ultranav Driver
Thinkpad Helix Firmware
Thiankpad L430 Firmware
Thiankpad L530 Firmware
Thiankpad P1 Firmware
Thiankpad X1 Extreme Firmware
Thiankpad P50s Firmware
Thiankpad P51 Firmware
Thiankpad P51s Firmware
Thiankpad P52s Firmware
Thiankpad P70 Firmware
Thiankpad S1 Yoga Firmware
Thiankpad S430 Firmware
Thiankpad T420 Firmware
Thiankpad T420i Firmware
Thinkpad T420s Firmware
Thinkpad T420si Firmware
Thinkpad T430i Firmware
Thinkpad T431s Firmware
Thinkpad T440 Firmware
Thinkpad T440s Firmware
Thinkpad T440p Firmware
Thinkpad T460s Firmware
Thinkpad T470 Firmware
Thinkpad T470s Firmware
Thinkpad T430s Firmware
Thinkpad T520 Firmware
Thinkpad T520i Firmware
Thinkpad T530 Firmware
Thinkpad T530i Firmware
Thinkpad T540 Firmware
Thinkpad T540p Firmware
Thinkpad T550 Firmware
Thinkpad T560 Firmware
Thinkpad T570 Firmware
Thinkpad T580 Firmware
Thinkpad Twist Firmware
Thinkpad S230u Firmware
Thinkpad W530 Firmware
Thinkpad W540 Firmware
Thinkpad W541 Firmware
Thinkpad W550s Firmware
Thinkpad X1 Carbon Firmware
Thinkpad X1 Yoga Firmware
Thinkpad X1 Firmware
Thinkpad X1 Hybrid Firmware
Thinkpad X220 Firmware
Thinkpad X220i Firmware
Thinkpad X220 Tablet Firmware
Thinkpad X230 Firmware
Thinkpad X230i Firmware
Thinkpad X230 Tablet Firmware
Thinkpad X230i Tablet Firmware
Thinkpad X230s Firmware
Thinkpad X240s Firmware
Thinkpad X240 Firmware
Thinkpad X250 Firmware
Thinkpad X280 Firmware
Thinkpad Yoga 11e Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 18.0.7.119
Running on/withPlatform Versions
Microsoft
Windows 8.1
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 19.5.19.33
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 19.0.17.140
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 19.3.4.219
Running on/withPlatform Versions
Microsoft
Windows 10
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 16.2.19.23
Configuration F
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Synaptics Thinkpad Ultranav Driver
Version 18.1.27.42
Running on/withPlatform Versions
Microsoft
Windows 7
All versions
Microsoft
Windows 8.1
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad Helix Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad Helix
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad L430 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad L430
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad L530 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad L530
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P1 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P1
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad X1 Extreme Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad X1 Extreme
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P50s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P50s
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P51 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P51
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P51s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P51s
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P52s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P52s
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad P70 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad P70
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad S1 Yoga Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad S1 Yoga
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad S430 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad S430
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad T420 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad T420
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thiankpad T420i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thiankpad T420i
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T420s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T420s
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T420si Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T420si
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T430i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T430i
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T431s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T431s
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T440 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T440
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T440s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T440s
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T440p Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T440p
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T460s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T460s
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T470 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T470
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T470s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T470s
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T430s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T430s
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T520 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T520
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T520i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T520i
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T530 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T530
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T530i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T530i
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T540 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T540
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T540p Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T540p
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T550 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T550
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T560 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T560
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T570 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T570
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad T580 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad T580
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad Twist Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad Twist
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad S230u Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad S230u
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad W530 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad W530
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad W540 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad W540
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad W541 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad W541
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad W550s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad W550s
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X1 Carbon Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X1 Carbon
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X1 Yoga Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X1 Yoga
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X1 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X1
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X1 Hybrid Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X1 Hybrid
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X220 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X220
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X220i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X220i
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X220 Tablet Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X220 Tablet
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X230 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X230
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X230i Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X230i
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X230 Tablet Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X230 Tablet
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X230i Tablet Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X230i Tablet
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X230s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X230s
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X240s Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X240s
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X240 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X240
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X250 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X250
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad X280 Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad X280
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Thinkpad Yoga 11e Firmware
All versions
Running on/withPlatform Versions
Lenovo
Thinkpad Yoga 11e
All versions

Related CWEs

CWE-428
Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (3)

Source: psirt@lenovo.com
Broken Link
Source: nvd@nist.gov
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.