CVE-2020-15596 : The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell,

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

Published 2020-08-12 22:15:12

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-15596

HP » Elite X2 1012 G1 Firmware
Versions before (<) 8.2206.1717.166
cpe:2.3:o:hp:elite_x2_1012_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elite X2 1012 G1 » Version: N/A
HP » Elitebook 1030 G1 Firmware
Versions before (<) 8.2206.1717.166
cpe:2.3:o:hp:elitebook_1030_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 1030 G1 » Version: N/A
HP » Elitebook Folio 1040 G3 Firmware
Versions before (<) 8.2206.1717.166
cpe:2.3:o:hp:elitebook_folio_1040_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook Folio 1040 G3 » Version: N/A
HP » Elitebook Folio G1 Firmware
Versions before (<) 8.2206.1717.166
cpe:2.3:o:hp:elitebook_folio_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook Folio G1 » Version: N/A
HP » Elitebook Revolve 810 G2 Firmware
Versions before (<) 10.1201.1717.108
cpe:2.3:o:hp:elitebook_revolve_810_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook Revolve 810 G2 » Version: N/A
HP » Elitebook Revolve 810 G3 Firmware
Versions before (<) 10.1201.1717.108
cpe:2.3:o:hp:elitebook_revolve_810_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook Revolve 810 G3 » Version: N/A
HP » Zbook Studio G3 Firmware
Versions before (<) 8.2206.1717.166
cpe:2.3:o:hp:zbook_studio_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook Studio G3 » Version: N/A
HP » Elite X2 1012 G2 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:elite_x2_1012_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elite X2 1012 G2 » Version: N/A
HP » Elitebook 1040 G4 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:elitebook_1040_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 1040 G4 » Version: N/A
HP » Elitebook X360 1020 G2 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:elitebook_x360_1020_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook X360 1020 G2 » Version: N/A
HP » Elitebook X360 1030 G2 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:elitebook_x360_1030_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook X360 1030 G2 » Version: N/A
HP » Pro X2 612 G2 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:pro_x2_612_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Pro X2 612 G2 » Version: N/A
HP » Zbook Studio G4 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:zbook_studio_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook Studio G4 » Version: N/A
HP » Zbook X2 G4 Firmware
Versions before (<) 8.2206.1717.634
cpe:2.3:o:hp:zbook_x2_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook X2 G4 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-15596

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15596

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-15596

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-15596

https://seclists.org/fulldisclosure/2020/Jul/30

Full Disclosure: Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue
Mailing List;Third Party Advisory
https://support.hp.com/document/c06706305

HPSBHF03677 rev. 1 - ALPS ALPINE Touchpad Driver Security Update | HP® Customer Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-15596

Products affected by CVE-2020-15596

Exploit prediction scoring system (EPSS) score for CVE-2020-15596

CVSS scores for CVE-2020-15596

CWE ids for CVE-2020-15596

References for CVE-2020-15596