CVE-2019-18618 | Severity.io

Description

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Related CPE's

o

synaptics

vfs75xx_firmware

20

thinkpad_25_firmware

Vulnerable

thankpad_a475_firmware

Vulnerable

thankpad_a485_firmware

Vulnerable

thinkpad_e480_firmware

Vulnerable

thinkpad_e580_firmware

Vulnerable

thinkpad_e485_firmware

Vulnerable

thinkpad_e585_firmware

Vulnerable

thinkpad_e490s_firmware

Vulnerable

thinkpad_s3_firmware

Vulnerable

thinkpad_e490_firmware

Vulnerable

thinkpad_e590_firmware

Vulnerable

thinkpad_r490_firmware

Vulnerable

thinkpad_r590_firmware

Vulnerable

thinkpad_l480_firmware

Vulnerable

thinkpad_l580_firmware

Vulnerable

thinkpad_p1_firmware

Vulnerable

thinkpad_p1_gen_2_firmware

Vulnerable

thinkpad_p1_gen_2

thinkpad_x1_extreme_2nd_firmware

Vulnerable

thinkpad_x1_extreme_2nd

thinkpad_p43s_firmware

Vulnerable

thinkpad_p50_firmware

Vulnerable

thinkpad_p51_firmware

Vulnerable

thinkpad_p51s_\(20jx\)_firmware

Vulnerable

thinkpad_p51s_\(20jx\)

thinkpad_p51s_\(20kx\)_firmware

Vulnerable

thinkpad_p51s_\(20kx\)

thinkpad_p51s_\(20hx\)_firmware

Vulnerable

thinkpad_p51s_\(20hx\)

thinkpad_p52_firmware

Vulnerable

thinkpad_p52s_firmware

Vulnerable

thinkpad_p53_firmware

Vulnerable

thinkpad_p53s_firmware

Vulnerable

thinkpad_p70_firmware

Vulnerable

thinkpad_p71_\(20hx\)_firmware

Vulnerable

thinkpad_p71_\(20hx\)

thinkpad_p72_firmware

Vulnerable

thinkpad_p73_firmware

Vulnerable

thinkpad_t25_\(20k7\)_firmware

Vulnerable

thinkpad_t25_\(20k7\)

thinkpad_t460p_firmware

Vulnerable

thinkpad_t460s_firmware

Vulnerable

thinkpad_t470_\(20hx\)_firmware

Vulnerable

thinkpad_t470_\(20hx\)

thinkpad_t470_\(20jx\)_firmware

Vulnerable

thinkpad_t470_\(20jx\)

thinkpad_t470p_firmware

Vulnerable

thinkpad_t470s_\(20hx\)_firmware

Vulnerable

thinkpad_t470s_\(20hx\)

thinkpad_t470s_\(20jx\)_firmware

Vulnerable

thinkpad_t470s_\(20jx\)

thinkpad_t480_firmware

Vulnerable

thinkpad_t480s_firmware

Vulnerable

thinkpad_t490_firmware

Vulnerable

thinkpad_t490s_firmware

Vulnerable

thinkpad_t570_\(20hx\)_firmware

Vulnerable

thinkpad_t570_\(20hx\)

thinkpad_t570\(20jx\)_firmware

Vulnerable

thinkpad_t570\(20jx\)

thinkpad_t580_firmware

Vulnerable

thinkpad_t590_firmware

Vulnerable

thinkpad_x1_carbon_\(20hx\)_firmware

Vulnerable

thinkpad_x1_carbon_\(20hx\)

thinkpad_x1_carbon_\(20kx\)_firmware

Vulnerable

thinkpad_x1_carbon_\(20kx\)

thinkpad_x1_carbon_firmware

Vulnerable

thinkpad_x1_carbon

thinkpad_x1_yoga_4th_gen_firmware

Vulnerable

thinkpad_x1_yoga_4th_gen

thinkpad_x1_extreme_firmware

Vulnerable

thinkpad_x1_extreme

thinkpad_x1_tablet_firmware

Vulnerable

thinkpad_x1_tablet

thinkpad_x1_tablet_\(20jx\)_firmware

Vulnerable

thinkpad_x1_tablet_\(20jx\)

thinkpad_x1_yoga_firmware

Vulnerable

thinkpad_x1_yoga

thinkpad_x1_yoga_\(20jx\)_firmware

Vulnerable

thinkpad_x1_yoga_\(20jx\)

thinkpad_x1_yoga_3rd_gen_firmware

Vulnerable

thinkpad_x1_yoga_3rd_gen

thinkpad_x270_firmware

Vulnerable

thinkpad_x280_firmware

Vulnerable

thinkpad_x380_yoga_firmware

Vulnerable

thinkpad_x380_yoga

thinkpad_x390_firmware

Vulnerable

thinkpad_x390_yoga_firmware

Vulnerable

thinkpad_x390_yoga

thinkpad_yoga_370_firmware

Vulnerable

thinkpad_yoga_370

thinkpad_s1_3rd_firmware

Vulnerable

thinkpad_s1_3rd

thinkpad_yoga_260_firmware

Vulnerable

thinkpad_yoga_260

thinkpad_yoga_s1_firmware

Vulnerable

thinkpad_yoga_s1

thinkpad_a275_firmware

Vulnerable

elite_x2_1012_g2_firmware

Vulnerable

elite_x2_1012_g2

elite_x2_1013_g3_firmware

Vulnerable

elite_x2_1013_g3

elite_x2_g4_firmware

Vulnerable

elitebook_1040_g4_firmware

Vulnerable

elitebook_1040_g4

elitebook_1050_g1_firmware

Vulnerable

elitebook_1050_g1

elitebook_735_g5_firmware

Vulnerable

elitebook_735_g5

elitebook_735_g6_firmware

Vulnerable

elitebook_735_g6

elitebook_745_g5_firmware

Vulnerable

elitebook_745_g5

elitebook_745_g6_firmware

Vulnerable

elitebook_745_g6

elitebook_755_g5_firmware

Vulnerable

elitebook_755_g5

elitebook_830_g5_firmware

Vulnerable

elitebook_830_g5

elitebook_830_g6_firmware

Vulnerable

elitebook_830_g6

elitebook_836_g5_firmware

Vulnerable

elitebook_836_g5

elitebook_836_g6_firmware

Vulnerable

elitebook_836_g6

elitebook_840_g5_firmware

Vulnerable

elitebook_840_g5

elitebook_840_g5_healthcare_edition_firmware

Vulnerable

elitebook_840_g5_healthcare_edition

elitebook_840_g6_firmware

Vulnerable

elitebook_840_g6

elitebook_840_g6_healthcare_edition_firmware

Vulnerable

elitebook_840_g6_healthcare_edition

elitebook_846_g5_firmware

Vulnerable

elitebook_846_g5

elitebook_846_g5_healthcare_edition_firmware

Vulnerable

elitebook_846_g5_healthcare_edition

elitebook_846_g6_firmware

Vulnerable

elitebook_846_g6

elitebook_846_g6_healthcare_edition_firmware

Vulnerable

elitebook_846_g6_healthcare_edition

elitebook_850_g5_firmware

Vulnerable

elitebook_850_g5

elitebook_850_g6_firmware

Vulnerable

elitebook_850_g6

elitebook_x360_1020_g2_firmware

Vulnerable

elitebook_x360_1020_g2

elitebook_x360_1030_g2_firmware

Vulnerable

elitebook_x360_1030_g2

elitebook_x360_1030_g3_firmware

Vulnerable

elitebook_x360_1030_g3

elitebook_x360_1030_g4_firmware

Vulnerable

elitebook_x360_1030_g4

elitebook_x360_1040_g5_firmware

Vulnerable

elitebook_x360_1040_g5

elitebook_x360_1040_g6_firmware

Vulnerable

elitebook_x360_1040_g6

elitebook_x360_830_g5_firmware

Vulnerable

elitebook_x360_830_g5

elitebook_x360_830_g6_firmware

Vulnerable

elitebook_x360_830_g6

pro_x2_612_g2_firmware

Vulnerable

probook_430_g6_firmware

Vulnerable

probook_440_g6_firmware

Vulnerable

probook_445_g6_firmware

Vulnerable

probook_445r_g6_firmware

Vulnerable

probook_445r_g6

probook_450_g6_firmware

Vulnerable

probook_455_g6_firmware

Vulnerable

probook_455r_g6_firmware

Vulnerable

probook_455r_g6

probook_640_g5_firmware

Vulnerable

probook_650_g5_firmware

Vulnerable

zbook_14u_g5_firmware

Vulnerable

zbook_14u_g6_firmware

Vulnerable

zbook_15_g5_firmware

Vulnerable

zbook_15_g6_firmware

Vulnerable

zbook_15u_g5_firmware

Vulnerable

zbook_15u_g6_firmware

Vulnerable

zbook_17_g5_firmware

Vulnerable

zbook_17_g6_firmware

Vulnerable

zbook_studio_g5_firmware

Vulnerable

zbook_studio_g5

zbook_studio_x360_g5_firmware

Vulnerable

zbook_studio_x360_g5

zhan_66_pro_13_g2_firmware

Vulnerable

zhan_66_pro_13_g2

zhan_66_pro_14_g2_firmware

Vulnerable

zhan_66_pro_14_g2

zhan_66_pro_15_g2_firmware

Vulnerable

zhan_66_pro_15_g2

zhan_x_13_g2_firmware

Vulnerable

elite_slice_firmware

Vulnerable

eliteone_1000_g1_firmware

Vulnerable

eliteone_1000_g1

eliteone_1000_g2_firmware

Vulnerable

eliteone_1000_g2

Vulnerable

Vulnerable

envy_x360_firmware

Vulnerable

pavilion_x360_firmware

Vulnerable

spectre_x360_firmware

Vulnerable

References

https://support.hp.com/us-en/document/c06696474

PatchThird Party Advisory

https://support.lenovo.com/us/en/product_security/LEN-31372

PatchThird Party Advisory

https://www.synaptics.com/company/blog/

Vendor Advisory

https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf

Vendor Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2020-07-22T14:15:14.737

4 years ago

Last modified

2020-07-30T19:26:59.267

4 years ago