Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Synaptics Smart Audio UWP App by Lenovo

    CVE-2020-8337 (GCVE-0-2020-8337)

    Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-16 18:38
    VLAI
    Summary
    An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Synaptics Smart Audio UWP App Affected: unspecified , < 1.0.83.0 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Synaptics would like to thank Michele Dell'Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-30707"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Synaptics Smart Audio UWP App",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.0.83.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:38.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-30707"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
            }
          ],
          "source": {
            "advisory": "LEN-3707",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2020-8337",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Synaptics Smart Audio UWP App",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.83.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-30707",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-30707"
                },
                {
                  "name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
                  "refsource": "MISC",
                  "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
              }
            ],
            "source": {
              "advisory": "LEN-3707",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8337",
        "datePublished": "2020-06-09T19:50:38.150Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:38:25.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8337 (GCVE-0-2020-8337)

    Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-16 18:38
    VLAI
    Summary
    An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Synaptics Smart Audio UWP App Affected: unspecified , < 1.0.83.0 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Synaptics would like to thank Michele Dell'Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-30707"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Synaptics Smart Audio UWP App",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.0.83.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:38.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-30707"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
            }
          ],
          "source": {
            "advisory": "LEN-3707",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2020-8337",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Synaptics Smart Audio UWP App",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.0.83.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-428 Unquoted Search Path or Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-30707",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-30707"
                },
                {
                  "name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
                  "refsource": "MISC",
                  "url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
              }
            ],
            "source": {
              "advisory": "LEN-3707",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8337",
        "datePublished": "2020-06-09T19:50:38.150Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:38:25.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }