CVE-2020-15596

Published: Aug 12, 2020Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

Affected (14)

Products: Hp: Elite X2 1012 G1 Firmware, Elite X2 1012 G2 Firmware, Elitebook 1030 G1 Firmware, Elitebook 1040 G4 Firmware, Elitebook Folio 1040 G3 Firmware, Elitebook Folio G1 Firmware, Elitebook Revolve 810 G2 Firmware, Elitebook Revolve 810 G3 Firmware, Elitebook X360 1020 G2 Firmware, Elitebook X360 1030 G2 Firmware, Pro X2 612 G2 Firmware, Zbook Studio G3 Firmware, Zbook Studio G4 Firmware, Zbook X2 G4 Firmware

14 products

Elite X2 1012 G1 Firmware

Elite X2 1012 G2 Firmware

Elitebook 1030 G1 Firmware

Elitebook 1040 G4 Firmware

Elitebook Folio 1040 G3 Firmware

Elitebook Folio G1 Firmware

Elitebook Revolve 810 G2 Firmware

Elitebook Revolve 810 G3 Firmware

Elitebook X360 1020 G2 Firmware

Elitebook X360 1030 G2 Firmware

Pro X2 612 G2 Firmware

Zbook Studio G3 Firmware

Zbook Studio G4 Firmware

Zbook X2 G4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elite X2 1012 G1 Firmware	Before 8.2206.1717.166

Running on/with	Platform Versions
Hp Elite X2 1012 G1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elite X2 1012 G2 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Elite X2 1012 G2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook 1030 G1 Firmware	Before 8.2206.1717.166

Running on/with	Platform Versions
Hp Elitebook 1030 G1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook 1040 G4 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Elitebook 1040 G4	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook Folio 1040 G3 Firmware	Before 8.2206.1717.166

Running on/with	Platform Versions
Hp Elitebook Folio 1040 G3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook Folio G1 Firmware	Before 8.2206.1717.166

Running on/with	Platform Versions
Hp Elitebook Folio G1	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook Revolve 810 G2 Firmware	Before 10.1201.1717.108

Running on/with	Platform Versions
Hp Elitebook Revolve 810 G2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook Revolve 810 G3 Firmware	Before 10.1201.1717.108

Running on/with	Platform Versions
Hp Elitebook Revolve 810 G3	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook X360 1020 G2 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Elitebook X360 1020 G2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Elitebook X360 1030 G2 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Elitebook X360 1030 G2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Pro X2 612 G2 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Pro X2 612 G2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Zbook Studio G3 Firmware	Before 8.2206.1717.166

Running on/with	Platform Versions
Hp Zbook Studio G3	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Zbook Studio G4 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Zbook Studio G4	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Zbook X2 G4 Firmware	Before 8.2206.1717.634

Running on/with	Platform Versions
Hp Zbook X2 G4	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

https://seclists.org/fulldisclosure/2020/Jul/30

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://support.hp.com/document/c06706305

Source: cve@mitre.org

Vendor Advisory

https://seclists.org/fulldisclosure/2020/Jul/30

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://support.hp.com/document/c06706305

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.