CVE-2019-18618

6.0

MEDIUM

Synaptics VFS75xx family Fingerprint Sensor Firmware Unprivileged Partition Injection

Description

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

INFO

Published Date :

July 22, 2020, 2:15 p.m.

Last Modified :

July 30, 2020, 7:26 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.2

Exploitability Score :

0.8

Affected Products

The following products are affected by CVE-2019-18618 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Lenovo	thinkpad_e480_firmware
2	Lenovo	thinkpad_e580_firmware
3	Lenovo	thinkpad_l480_firmware
4	Lenovo	thinkpad_l580_firmware
5	Lenovo	thinkpad_p51_firmware
6	Lenovo	thinkpad_p52_firmware
7	Lenovo	thinkpad_p52s_firmware
8	Lenovo	thinkpad_p72_firmware
9	Lenovo	thinkpad_t470p_firmware
10	Lenovo	thinkpad_t480_firmware
11	Lenovo	thinkpad_t480s_firmware
12	Lenovo	thinkpad_t580_firmware
13	Lenovo	thinkpad_x380_yoga_firmware
14	Lenovo	thinkpad_yoga_370_firmware
15	Lenovo	thinkpad_x1_carbon_firmware
16	Lenovo	thinkpad_x1_tablet_firmware
17	Lenovo	thinkpad_x1_yoga_firmware
18	Lenovo	thinkpad_x270_firmware
19	Lenovo	thinkpad_x280_firmware
20	Lenovo	thinkpad_t460p_firmware
21	Lenovo	thinkpad_e490s_firmware
22	Lenovo	thinkpad_s3_firmware
23	Lenovo	thinkpad_e490_firmware
24	Lenovo	thinkpad_e590_firmware
25	Lenovo	thinkpad_r490_firmware
26	Lenovo	thinkpad_r590_firmware
27	Lenovo	thinkpad_p1_firmware
28	Lenovo	thinkpad_p50_firmware
29	Lenovo	thinkpad_p53_firmware
30	Lenovo	thinkpad_p53s_firmware
31	Lenovo	thinkpad_p70_firmware
32	Lenovo	thinkpad_p73_firmware
33	Lenovo	thinkpad_t460s_firmware
34	Lenovo	thinkpad_t490_firmware
35	Lenovo	thinkpad_t490s_firmware
36	Lenovo	thinkpad_t590_firmware
37	Lenovo	thinkpad_x1_extreme_firmware
38	Lenovo	thinkpad_x390_firmware
39	Lenovo	thinkpad_x390_yoga_firmware
40	Lenovo	thinkpad_s1_3rd_firmware
41	Lenovo	thinkpad_a275_firmware
42	Lenovo	thinkpad_e485_firmware
43	Lenovo	thinkpad_e585_firmware
44	Lenovo	thinkpad_yoga_260_firmware
45	Lenovo	thinkpad_yoga_s1_firmware
46	Lenovo	thinkpad_p1_gen_2_firmware
47	Lenovo	thinkpad_p43s_firmware
48	Lenovo	thinkpad_x1_yoga_4th_gen_firmware
49	Lenovo	thinkpad_x1_yoga_3rd_gen_firmware
50	Lenovo	thinkpad_x1_extreme_2nd_firmware
51	Lenovo	thinkpad_25_firmware
52	Lenovo	thankpad_a475_firmware
53	Lenovo	thankpad_a485_firmware
54	Lenovo	thinkpad_p51s_\(20jx\)_firmware
55	Lenovo	thinkpad_p51s_\(20kx\)_firmware
56	Lenovo	thinkpad_p51s_\(20hx\)_firmware
57	Lenovo	thinkpad_p71_\(20hx\)_firmware
58	Lenovo	thinkpad_t25_\(20k7\)_firmware
59	Lenovo	thinkpad_t470_\(20hx\)_firmware
60	Lenovo	thinkpad_t470_\(20jx\)_firmware
61	Lenovo	thinkpad_t470s_\(20hx\)_firmware
62	Lenovo	thinkpad_t470s_\(20jx\)_firmware
63	Lenovo	thinkpad_t570_\(20hx\)_firmware
64	Lenovo	thinkpad_t570\(20jx\)_firmware
65	Lenovo	thinkpad_x1_carbon_\(20hx\)_firmware
66	Lenovo	thinkpad_x1_carbon_\(20kx\)_firmware
67	Lenovo	thinkpad_x1_tablet_\(20jx\)_firmware
68	Lenovo	thinkpad_x1_yoga_\(20jx\)_firmware
1	Hp	elite_slice_firmware
2	Hp	elite_x2_1012_g2_firmware
3	Hp	elitebook_1040_g4_firmware
4	Hp	elitebook_x360_1020_g2_firmware
5	Hp	elitebook_x360_1030_g2_firmware
6	Hp	pro_x2_612_g2_firmware
7	Hp	elite_x2_1013_g3_firmware
8	Hp	elite_x2_g4_firmware
9	Hp	elitebook_1050_g1_firmware
10	Hp	elitebook_735_g5_firmware
11	Hp	elitebook_735_g6_firmware
12	Hp	elitebook_745_g5_firmware
13	Hp	elitebook_745_g6_firmware
14	Hp	elitebook_755_g5_firmware
15	Hp	elitebook_830_g5_firmware
16	Hp	elitebook_830_g6_firmware
17	Hp	elitebook_836_g5_firmware
18	Hp	elitebook_836_g6_firmware
19	Hp	elitebook_840_g5_firmware
20	Hp	elitebook_840_g5_healthcare_edition_firmware
21	Hp	elitebook_840_g6_firmware
22	Hp	elitebook_840_g6_healthcare_edition_firmware
23	Hp	elitebook_846_g5_firmware
24	Hp	elitebook_846_g5_healthcare_edition_firmware
25	Hp	elitebook_846_g6_firmware
26	Hp	elitebook_846_g6_healthcare_edition_firmware
27	Hp	elitebook_850_g5_firmware
28	Hp	elitebook_850_g6_firmware
29	Hp	elitebook_x360_1030_g3_firmware
30	Hp	elitebook_x360_1030_g4_firmware
31	Hp	elitebook_x360_1040_g5_firmware
32	Hp	elitebook_x360_1040_g6_firmware
33	Hp	elitebook_x360_830_g5_firmware
34	Hp	elitebook_x360_830_g6_firmware
35	Hp	probook_430_g6_firmware
36	Hp	probook_440_g6_firmware
37	Hp	probook_445_g6_firmware
38	Hp	probook_445r_g6_firmware
39	Hp	probook_450_g6_firmware
40	Hp	probook_455_g6_firmware
41	Hp	probook_455r_g6_firmware
42	Hp	probook_640_g5_firmware
43	Hp	probook_650_g5_firmware
44	Hp	zbook_14u_g5_firmware
45	Hp	zbook_14u_g6_firmware
46	Hp	zbook_15_g5_firmware
47	Hp	zbook_15_g6_firmware
48	Hp	zbook_15u_g5_firmware
49	Hp	zbook_15u_g6_firmware
50	Hp	zbook_17_g5_firmware
51	Hp	zbook_17_g6_firmware
52	Hp	zbook_studio_g5_firmware
53	Hp	zbook_studio_x360_g5_firmware
54	Hp	zhan_66_pro_13_g2_firmware
55	Hp	zhan_66_pro_14_g2_firmware
56	Hp	zhan_66_pro_15_g2_firmware
57	Hp	zhan_x_13_g2_firmware
58	Hp	eliteone_1000_g1_firmware
59	Hp	eliteone_1000_g2_firmware
60	Hp	mt44_firmware
61	Hp	mt45_firmware
62	Hp	envy_x360_firmware
63	Hp	pavilion_x360_firmware
64	Hp	spectre_x360_firmware
1	Synaptics	vfs75xx_firmware

: Total Affected Vendor : 3 | Products : 133

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-18618.

URL	Resource
https://support.hp.com/us-en/document/c06696474	Patch Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-31372	Patch Third Party Advisory
https://www.synaptics.com/company/blog/	Vendor Advisory
https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-18618 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-18618 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Jul. 30, 2020

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Added	CVSS V3.1		NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Changed	Reference Type	https://support.hp.com/us-en/document/c06696474 No Types Assigned	https://support.hp.com/us-en/document/c06696474 Patch, Third Party Advisory
Changed	Reference Type	https://support.lenovo.com/us/en/product_security/LEN-31372 No Types Assigned	https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory
Changed	Reference Type	https://www.synaptics.com/company/blog/ No Types Assigned	https://www.synaptics.com/company/blog/ Vendor Advisory
Changed	Reference Type	https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf No Types Assigned	https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdf Vendor Advisory
Added	CWE		NIST NVD-CWE-noinfo
Added	CPE Configuration		AND OR cpe:2.3:o:synaptics:vfs75xx_firmware:5.1.5.51::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.1.337.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.1.3507.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.320.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.524.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.3109.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.3530.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.5024.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.3.3541.26::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.4.1116::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.8.1092::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.10.1100::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.10.1106::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.17.1099::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.17.1102::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.35.1058::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.502.79::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.512.1051::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2734.1050::::::: cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2810.1050::::::: OR cpe:2.3:h:synaptics:vfs75xx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_25_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_25:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a475_firmware::::::::* versions up to (excluding) 5.02.3539.0026 OR cpe:2.3:h:lenovo:thankpad_a475:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thankpad_a485_firmware::::::::* versions up to (excluding) 5.03.3542.0026 OR cpe:2.3:h:lenovo:thankpad_a485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e480_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e580_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e485_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e485:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e585_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e585:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490s_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s3_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_s3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_e590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r490_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_r590_firmware::::::::* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_l580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p1_gen_2_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_2nd_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p43s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p43s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p50_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p50:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20kx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p51s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p52:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p52s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p52s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p53s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p70_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p70:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p71_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p71_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p72_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p72:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_p73_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p73:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t25_\(20k7\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t25_\(20k7\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460p_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t460s_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470p_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t470s_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t480s_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t490s_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t570\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t580_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t580:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_t590_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t590:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20hx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20hx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20kx\)_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20kx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_extreme_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware::::::::* versions up to (excluding) 5.5.40.1058 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_tablet_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.227.26 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_\(20jx\)_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_\(20jx\):-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x1_yoga_3rd_gen_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_3rd_gen:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x270_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x270:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x280_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x280:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware::::::::* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware::::::::* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_370:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_s1_3rd_firmware::::::::* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_260:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_yoga_s1_firmware::::::::* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_s1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:lenovo:thinkpad_a275_firmware::::::::* versions up to (excluding) 5.2.3535.26 OR cpe:2.3:h:lenovo:thinkpad_a275:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elite_x2_1012_g2_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:elite_x2_1012_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elite_x2_1013_g3_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elite_x2_1013_g3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elite_x2_g4_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elite_x2_g4:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_1040_g4_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:elitebook_1040_g4:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_1050_g1_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_1050_g1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_735_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_735_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_735_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_735_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_745_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_745_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_745_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_745_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_755_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_755_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_830_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_830_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_830_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_830_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_836_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_836_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_836_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_836_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_840_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_840_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_840_g5_healthcare_edition_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_840_g5_healthcare_edition:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_840_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_840_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_840_g6_healthcare_edition_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_840_g6_healthcare_edition:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_846_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_846_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_846_g5_healthcare_edition_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_846_g5_healthcare_edition:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_846_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_846_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_846_g6_healthcare_edition_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_846_g6_healthcare_edition:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_850_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_850_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_850_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_850_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1020_g2_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:elitebook_x360_1020_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1030_g2_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:elitebook_x360_1030_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1030_g3_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_1030_g3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1030_g4_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_1030_g4:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1040_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_1040_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_1040_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_1040_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_830_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_830_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elitebook_x360_830_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:elitebook_x360_830_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pro_x2_612_g2_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:pro_x2_612_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_430_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_430_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_440_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_440_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_445_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_445_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_445r_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_445r_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_450_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_450_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_455_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_455_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_455r_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_455r_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_640_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_640_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:probook_650_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:probook_650_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_14u_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_14u_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_14u_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_14u_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_15_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_15_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_15_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_15_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_15u_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_15u_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_15u_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_15u_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_17_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_17_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_17_g6_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_17_g6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_studio_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_studio_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zbook_studio_x360_g5_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zbook_studio_x360_g5:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zhan_66_pro_13_g2_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zhan_66_pro_13_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zhan_66_pro_14_g2_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zhan_66_pro_14_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zhan_66_pro_15_g2_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zhan_66_pro_15_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:zhan_x_13_g2_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:zhan_x_13_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:elite_slice_firmware::::::::* versions up to (excluding) 5.2.3110.26 OR cpe:2.3:h:hp:elite_slice:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:eliteone_1000_g1_firmware::::::::* versions up to (excluding) 5.2.5026.26 OR cpe:2.3:h:hp:eliteone_1000_g1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:eliteone_1000_g2_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:eliteone_1000_g2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:mt44_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:mt44:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:mt45_firmware::::::::* versions up to (excluding) 5.5.21.1099 OR cpe:2.3:h:hp:mt45:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:envy_x360_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:pavilion_x360_firmware::::::::* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:hp:spectre_x360_firmware::::::::* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:spectre_x360:-:::::::*

CVE Modified by [email protected]

Jul. 23, 2020

Action Type Old Value New Value

Added Reference https://support.hp.com/us-en/document/c06696474 [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://support.hp.com/us-en/document/c06696474 [No Types Assigned]

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-18618 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-18618 weaknesses.

CVE-2019-18618

Synaptics VFS75xx family Fingerprint Sensor Firmware Unprivileged Partition Injection

Description

INFO

July 22, 2020, 2:15 p.m.

July 30, 2020, 7:26 p.m.

[email protected]

No

5.2

0.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.04 }} 0.00%

0.05635

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable