CVE-2020-8337 : An unquoted search path vulnerability was reported in versions prior to 1.0.83.0

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Published 2020-06-09 20:15:23

Updated 2020-06-19 15:23:40

Source Lenovo Group Ltd.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2020-8337

Synaptics » Smart Audio Uwp
Versions before (<) 1.0.83.0
cpe:2.3:a:synaptics:smart_audio_uwp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Lenovo » 5-15ikb » Version: N/A
When used together with: Lenovo » Air-14 2019 » Version: N/A
When used together with: Lenovo » C340-14iwl » Version: N/A
When used together with: Lenovo » Flex-14iwl » Version: N/A
When used together with: Lenovo » S540-14iwl » Version: N/A
When used together with: Lenovo » S540-14iwl Touch » Version: N/A
When used together with: Lenovo » Thinkpad 11e » Version: N/A
When used together with: Lenovo » Thinkpad 13 » Version: N/A
When used together with: Lenovo » Thinkpad A275 » Version: N/A
When used together with: Lenovo » Thinkpad A285 » Version: N/A
When used together with: Lenovo » Thinkpad A475 » Version: N/A
When used together with: Lenovo » Thinkpad A485 » Version: N/A
When used together with: Lenovo » Thinkpad E450 » Version: N/A
When used together with: Lenovo » Thinkpad E450c » Version: N/A
When used together with: Lenovo » Thinkpad E455 » Version: N/A
When used together with: Lenovo » Thinkpad E460 » Version: N/A
When used together with: Lenovo » Thinkpad E465 » Version: N/A
When used together with: Lenovo » Thinkpad E470 » Version: N/A
When used together with: Lenovo » Thinkpad E475 » Version: N/A
When used together with: Lenovo » Thinkpad E480 » Version: N/A
When used together with: Lenovo » Thinkpad E485 » Version: N/A
When used together with: Lenovo » Thinkpad E490 » Version: N/A
When used together with: Lenovo » Thinkpad E490s » Version: N/A
When used together with: Lenovo » Thinkpad E540 » Version: N/A
When used together with: Lenovo » Thinkpad E545 » Version: N/A
When used together with: Lenovo » Thinkpad E550 » Version: N/A
When used together with: Lenovo » Thinkpad E550c » Version: N/A
When used together with: Lenovo » Thinkpad E555 » Version: N/A
When used together with: Lenovo » Thinkpad E560 » Version: N/A
When used together with: Lenovo » Thinkpad E565 » Version: N/A
When used together with: Lenovo » Thinkpad E570 » Version: N/A
When used together with: Lenovo » Thinkpad E575 » Version: N/A
When used together with: Lenovo » Thinkpad E580 » Version: N/A
When used together with: Lenovo » Thinkpad E585 » Version: N/A
When used together with: Lenovo » Thinkpad E590 » Version: N/A
When used together with: Lenovo » Thinkpad Edge E440 » Version: N/A
When used together with: Lenovo » Thinkpad Edge E445 » Version: N/A
When used together with: Lenovo » Thinkpad L380 » Version: N/A
When used together with: Lenovo » Thinkpad L380 Yoga » Version: N/A
When used together with: Lenovo » Thinkpad L390 Yoga » Version: N/A
When used together with: Lenovo » Thinkpad L440 » Version: N/A
When used together with: Lenovo » Thinkpad L450 » Version: N/A
When used together with: Lenovo » Thinkpad L460 » Version: N/A
When used together with: Lenovo » Thinkpad L470 » Version: N/A
When used together with: Lenovo » Thinkpad L480 » Version: N/A
When used together with: Lenovo » Thinkpad L540 » Version: N/A
When used together with: Lenovo » Thinkpad L580 » Version: N/A
When used together with: Lenovo » Thinkpad P1 » Version: N/A
When used together with: Lenovo » Thinkpad P40 » Version: N/A
When used together with: Lenovo » Thinkpad P53 » Version: N/A
When used together with: Lenovo » Thinkpad P73 » Version: N/A
When used together with: Lenovo » Thinkpad R490 » Version: N/A
When used together with: Lenovo » Thinkpad R590 » Version: N/A
When used together with: Lenovo » Thinkpad S1 3rd » Version: N/A
When used together with: Lenovo » Thinkpad S1 Yoga 12 » Version: N/A
When used together with: Lenovo » Thinkpad S2 Yoga 3rd Gen » Version: N/A
When used together with: Lenovo » Thinkpad S2 Yoga 4th Gen » Version: N/A
When used together with: Lenovo » Thinkpad S3 » Version: N/A
When used together with: Lenovo » Thinkpad S3-s440 » Version: N/A
When used together with: Lenovo » Thinkpad S3 3rd Gen » Version: N/A
When used together with: Lenovo » Thinkpad S3 Yoga 14 » Version: N/A
When used together with: Lenovo » Thinkpad S5 » Version: N/A
When used together with: Lenovo » Thinkpad T450 » Version: N/A
When used together with: Lenovo » Thinkpad T450s » Version: N/A
When used together with: Lenovo » Thinkpad T460 » Version: N/A
When used together with: Lenovo » Thinkpad T460p » Version: N/A
When used together with: Lenovo » Thinkpad T470p » Version: N/A
When used together with: Lenovo » Thinkpad X1 Extreme » Version: N/A
When used together with: Lenovo » Thinkpad X260 » Version: N/A
When used together with: Lenovo » Thinkpad X270 » Version: N/A
When used together with: Lenovo » Thinkpad X380 Yoga » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 11e » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 11e 3rd Gen » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 11e 4th Gen » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 11e 5th Gen » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 14 460 S3 » Version: N/A
When used together with: Lenovo » Thinkpad Yoga 370 » Version: N/A
When used together with: Lenovo » V130-15igm » Version: N/A
When used together with: Lenovo » V130-15ikb » Version: N/A
When used together with: Lenovo » V310-15igm » Version: N/A
When used together with: Lenovo » V330-15igm » Version: N/A
When used together with: Lenovo » Yoga 14 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-8337

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8337

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-8337

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@lenovo.com (Secondary)

References for CVE-2020-8337

https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf

Vendor Advisory
https://support.lenovo.com/us/en/product_security/len-30707

Synaptics Audio Driver Vulnerability - US
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-8337

Products affected by CVE-2020-8337

Exploit prediction scoring system (EPSS) score for CVE-2020-8337

CVSS scores for CVE-2020-8337

CWE ids for CVE-2020-8337

References for CVE-2020-8337