CVE-2019-18618

4 documents4 sources

Severity

6.0MEDIUM

EPSS

0.4%

top 40.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

133

HP Elite Slice Firmware HP Elite X2 1012 G2 Firmware HP Elite X2 1013 G3 Firmware +130 more

Timeline

PublishedJul 22

Latest updateMay 24

Description

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages133 packages

▶NVDsynaptics/vfs75xx_firmware20 versions+19

▶NVDlenovo/thinkpad_x1_tablet_firmware< 5.5.40.1058

▶NVDlenovo/thinkpad_x1_tablet_\(20jx\)_firmware< 5.2.227.26

▶NVDhp/mt44_firmware< 5.5.21.1099

▶NVDhp/mt45_firmware< 5.5.21.1099

Patches

Patch: support.hp.com ↗Patch: support.lenovo.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-p92m-c9r4-7vc4: Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15↗2022-05-24

▶

CVEList

CVE-2019-18618: Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15↗2020-07-22

▶

💬Community

Bugzilla

CVE-2019-19481 opensc: Improper handling of buffer limits for CAC certificates↗2019-12-12

▶