Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Synaptics Smart Audio UWP App by Lenovo
CVE-2020-8337 (GCVE-0-2020-8337)
Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-16 18:38
VLAI
EPSS
VEX
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
| https://www.synaptics.com/sites/default/files/aud… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Synaptics Smart Audio UWP App |
Affected:
unspecified , < 1.0.83.0
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synaptics Smart Audio UWP App",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.83.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:38.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2020-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Smart Audio UWP App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.83.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-30707",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
"refsource": "MISC",
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8337",
"datePublished": "2020-06-09T19:50:38.150Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:38:25.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8337 (GCVE-0-2020-8337)
Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-16 18:38
VLAI
EPSS
VEX
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.lenovo.com/us/en/product_security… | x_refsource_MISC |
| https://www.synaptics.com/sites/default/files/aud… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Synaptics Smart Audio UWP App |
Affected:
unspecified , < 1.0.83.0
(custom)
|
Date Public
2020-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synaptics Smart Audio UWP App",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.83.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"datePublic": "2020-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:38.000Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2020-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Smart Audio UWP App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.83.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-30707",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
"refsource": "MISC",
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8337",
"datePublished": "2020-06-09T19:50:38.150Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:38:25.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}