Vulnerabilites related to Lenovo - Synaptics Smart Audio UWP App
cve-2020-8337
Vulnerability from cvelistv5
Published
2020-06-09 19:50
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/len-30707 | x_refsource_MISC | |
| https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Synaptics Smart Audio UWP App |
Version: unspecified < 1.0.83.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synaptics Smart Audio UWP App",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.0.83.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"datePublic": "2020-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:50:38",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
"ID": "CVE-2020-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synaptics Smart Audio UWP App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.83.0"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Synaptics would like to thank Michele Dell\u0027Uomo (Quantum Leap Srl - a Deloitte business) for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/len-30707",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/len-30707"
},
{
"name": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf",
"refsource": "MISC",
"url": "https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.0.83.0 (or later) of the Smart Audio app, which installs with the corresponding audio driver version."
}
],
"source": {
"advisory": "LEN-3707",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8337",
"datePublished": "2020-06-09T19:50:38.150822Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T18:38:25.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}