7.8
HIGH
CVE-2019-18619
Synaptics WBF SynaTee SGX Enclave Code Execution Vulnerability
Description

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

INFO

Published Date :

July 22, 2020, 2:15 p.m.

Last Modified :

July 30, 2020, 7:28 p.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Public PoC/Exploit Available at Github

CVE-2019-18619 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-18619 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Lenovo thinkpad_e480_firmware
2 Lenovo thinkpad_e580_firmware
3 Lenovo thinkpad_l480_firmware
4 Lenovo thinkpad_l580_firmware
5 Lenovo thinkpad_p51_firmware
6 Lenovo thinkpad_p52_firmware
7 Lenovo thinkpad_p52s_firmware
8 Lenovo thinkpad_p72_firmware
9 Lenovo thinkpad_t470p_firmware
10 Lenovo thinkpad_t480_firmware
11 Lenovo thinkpad_t480s_firmware
12 Lenovo thinkpad_t580_firmware
13 Lenovo thinkpad_x380_yoga_firmware
14 Lenovo thinkpad_yoga_370_firmware
15 Lenovo thinkpad_x1_carbon_firmware
16 Lenovo thinkpad_x1_tablet_firmware
17 Lenovo thinkpad_x1_yoga_firmware
18 Lenovo thinkpad_x270_firmware
19 Lenovo thinkpad_x280_firmware
20 Lenovo thinkpad_t460p_firmware
21 Lenovo thinkpad_e490s_firmware
22 Lenovo thinkpad_s3_firmware
23 Lenovo thinkpad_e490_firmware
24 Lenovo thinkpad_e590_firmware
25 Lenovo thinkpad_r490_firmware
26 Lenovo thinkpad_r590_firmware
27 Lenovo thinkpad_p1_firmware
28 Lenovo thinkpad_p50_firmware
29 Lenovo thinkpad_p53_firmware
30 Lenovo thinkpad_p53s_firmware
31 Lenovo thinkpad_p70_firmware
32 Lenovo thinkpad_p73_firmware
33 Lenovo thinkpad_t460s_firmware
34 Lenovo thinkpad_t490_firmware
35 Lenovo thinkpad_t490s_firmware
36 Lenovo thinkpad_t590_firmware
37 Lenovo thinkpad_x1_extreme_firmware
38 Lenovo thinkpad_x390_firmware
39 Lenovo thinkpad_x390_yoga_firmware
40 Lenovo thinkpad_s1_3rd_firmware
41 Lenovo thinkpad_a275_firmware
42 Lenovo thinkpad_e485_firmware
43 Lenovo thinkpad_e585_firmware
44 Lenovo thinkpad_yoga_260_firmware
45 Lenovo thinkpad_yoga_s1_firmware
46 Lenovo thinkpad_p1_gen_2_firmware
47 Lenovo thinkpad_p43s_firmware
48 Lenovo thinkpad_x1_yoga_4th_gen_firmware
49 Lenovo thinkpad_x1_yoga_3rd_gen_firmware
50 Lenovo thinkpad_x1_extreme_2nd_firmware
51 Lenovo thinkpad_25_firmware
52 Lenovo thankpad_a475_firmware
53 Lenovo thankpad_a485_firmware
54 Lenovo thinkpad_p51s_\(20jx\)_firmware
55 Lenovo thinkpad_p51s_\(20kx\)_firmware
56 Lenovo thinkpad_p51s_\(20hx\)_firmware
57 Lenovo thinkpad_p71_\(20hx\)_firmware
58 Lenovo thinkpad_t25_\(20k7\)_firmware
59 Lenovo thinkpad_t470_\(20hx\)_firmware
60 Lenovo thinkpad_t470_\(20jx\)_firmware
61 Lenovo thinkpad_t470s_\(20hx\)_firmware
62 Lenovo thinkpad_t470s_\(20jx\)_firmware
63 Lenovo thinkpad_t570_\(20hx\)_firmware
64 Lenovo thinkpad_t570\(20jx\)_firmware
65 Lenovo thinkpad_x1_carbon_\(20hx\)_firmware
66 Lenovo thinkpad_x1_carbon_\(20kx\)_firmware
67 Lenovo thinkpad_x1_tablet_\(20jx\)_firmware
68 Lenovo thinkpad_x1_yoga_\(20jx\)_firmware
1 Hp spectre_x360_firmware
2 Hp envy_-_13t-ah100_firmware
3 Hp envy_-_13t-aq100_firmware
4 Hp envy_13-ah0xxx_firmware
5 Hp envy_13-ah1xxx_firmware
6 Hp envy_13-aq0xxx_firmware
7 Hp envy_13-aq1xxx_firmware
8 Hp envy_-_17t-bw000_firmware
9 Hp envy_-_17t-ce000_firmware
10 Hp envy_-_17t-ce100_firmware
11 Hp envy_17-bw0xxx_firmware
12 Hp envy_17-ce0xxx_firmware
13 Hp envy_17-ce1xxx_firmware
14 Hp envy_17m-bw0xxx_firmware
15 Hp envy_17m-ce0xxx_firmware
16 Hp envy_17m-ce1xxx_firmware
17 Hp envy_x360_-_15t-cn000_firmware
18 Hp envy_x360_-_15t-dr000_firmware
19 Hp envy_x360_-_15t-dr000_\(validity_fps\)_firmware
20 Hp envy_x360_-_15t-dr100_firmware
21 Hp envy_x360_-_15t-dr100_\(validity_fps\)_firmware
22 Hp envy_15-cn0xxx_x360_firmware
23 Hp envy_15-cn1xxx_x360_firmware
24 Hp envy_15-dr0xxx_x360_firmware
25 Hp envy_15-dr0xxx_x360_\(validity_fps\)_firmware
26 Hp envy_15-dr1xxx_x360_firmware
27 Hp envy_15-dr1xxx_x360_\(validity_fps\)_firmware
28 Hp envy_15m-cn0xxx_x360_firmware
29 Hp envy_15m-dr0xxx_x360_firmware
30 Hp envy_15m-dr0xxx_x360_\(validity_fps\)_firmware
31 Hp envy_15m-dr1xxx_x360_firmware
32 Hp envy_15m-dr1xxx_x360_\(validity_fps\)_firmware
33 Hp pavilion_x360_-_14t-cd000_firmware
34 Hp pavilion_x360_-_15t-dq000_firmware
35 Hp pavilion_x360_-_15t-dq100_firmware
36 Hp pavilion_x360_14t-cd100_firmware
37 Hp pavilion_x360_14t-dh000_firmware
38 Hp pavilion_14-cd1xxx_x360_firmware
39 Hp pavilion_14-cd2xxx_x360_firmware
40 Hp pavilion_14-dh0xxx_x360_firmware
41 Hp pavilion_14m-cd0xxx_x360_firmware
42 Hp pavilion_14m-dh0xxx_x360_firmware
43 Hp pavilion_15_firmware
1 Synaptics vfs75xx_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-18619.

URL Resource
https://support.hp.com/hk-en/document/c06696568 Patch Third Party Advisory
https://support.lenovo.com/us/en/product_security/LEN-31372 Patch Third Party Advisory
https://www.synaptics.com/company/blog/ Vendor Advisory
https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory
https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

PoC exploits against various SGX enclaves

sgx exploit poc memory-corruption

C++ Makefile

Updated: 1 year, 8 months ago
15 stars 3 fork 3 watcher
Born at : April 3, 2020, 1:19 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-18619 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-18619 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jul. 30, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.hp.com/hk-en/document/c06696568 No Types Assigned https://support.hp.com/hk-en/document/c06696568 Patch, Third Party Advisory
    Changed Reference Type https://support.lenovo.com/us/en/product_security/LEN-31372 No Types Assigned https://support.lenovo.com/us/en/product_security/LEN-31372 Patch, Third Party Advisory
    Changed Reference Type https://www.synaptics.com/company/blog/ No Types Assigned https://www.synaptics.com/company/blog/ Vendor Advisory
    Changed Reference Type https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf No Types Assigned https://www.synaptics.com/sites/default/files/fingerprint-driver-SGX-security-brief-2020-07-14.pdf Vendor Advisory
    Changed Reference Type https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ No Types Assigned https://www.syssec.wiwi.uni-due.de/en/research/research-projects/analysis-of-tee-software/ Vendor Advisory
    Added CWE NIST CWE-763
    Added CPE Configuration AND OR *cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.225.26:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.318.26:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.524.26:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.2.3530.26:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.3.3539.26:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.3.1116:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.8.1096:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.10.1093:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.11.1106:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.15.1102:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.38.1058:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2734.1050:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.5.2811.1050:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:5.6.23.1000:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.14.1108:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.32.1104:*:*:*:*:*:*:* *cpe:2.3:o:synaptics:vfs75xx_firmware:6.0.42.1107:*:*:*:*:*:*:* OR cpe:2.3:h:synaptics:vfs75xx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thankpad_a475_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.02.3539.0026 OR cpe:2.3:h:lenovo:thankpad_a475:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thankpad_a485_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.03.3542.0026 OR cpe:2.3:h:lenovo:thankpad_a485:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e480_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e580_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e485_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e485:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e585_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e585:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e490s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_s3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_s3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e490_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_e590_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_e590:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_r490_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_r590_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.321.26 OR cpe:2.3:h:lenovo:thinkpad_r590:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_l480_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_l580_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p1_gen_2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_extreme_2nd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p43s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p43s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p51_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p51s_\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p51s_\(20kx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20kx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p51s_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p51s_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p52_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p52:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p53_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p53s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_p53s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p71_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_p71_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p72_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p72:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_p73_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_p73:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t25_\(20k7\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t25_\(20k7\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t460p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t460s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_t460s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t470_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t470_\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470_\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t470p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t470s_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t470s_\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t470s_\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t480_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t480s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t480s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t490_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t490s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t490s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t570_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t570\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_t570\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_t590_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_t590:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20hx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20hx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_carbon_\(20kx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon_\(20kx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_yoga_4th_gen_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_4th_gen:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_extreme_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.40.1058 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_tablet_\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.227.26 OR cpe:2.3:h:lenovo:thinkpad_x1_tablet_\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_yoga_\(20jx\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_\(20jx\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x1_yoga_3rd_gen_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x1_yoga_3rd_gen:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x280:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3.3542.26 OR cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x390_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_x390_yoga_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.36.1105 OR cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_s1_3rd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3540.26 OR cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_yoga_s1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.1.338.26 OR cpe:2.3:h:lenovo:thinkpad_yoga_s1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkpad_a275_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.2.3535.26 OR cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_-_13t-ah100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_13t-ah100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_-_13t-aq100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_13t-aq100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_13-ah0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_13-ah1xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_13-ah1xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_13-aq0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_13-aq1xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_13-aq1xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_-_17t-bw000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_-_17t-bw000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_-_17t-ce000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_-_17t-ce100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_-_17t-ce100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17-bw0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17-bw0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17-ce0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17-ce1xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17-ce1xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17m-bw0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_17m-bw0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17m-ce0xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce0xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_17m-ce1xxx_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_17m-ce1xxx:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_x360_-_15t-cn000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_x360_-_15t-cn000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_x360_-_15t-dr000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_x360_-_15t-dr000_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr000_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_x360_-_15t-dr100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_x360_-_15t-dr100_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_x360_-_15t-dr100_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-cn0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-cn1xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15-cn1xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-dr0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-dr0xxx_x360_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr0xxx_x360_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-dr1xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15-dr1xxx_x360_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15-dr1xxx_x360_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15m-cn0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:envy_15m-cn0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15m-dr0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15m-dr0xxx_x360_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr0xxx_x360_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15m-dr1xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.39.1111 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:envy_15m-dr1xxx_x360_\(validity_fps\)_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:envy_15m-dr1xxx_x360_\(validity_fps\):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_x360_-_14t-cd000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_-_14t-cd000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_x360_-_15t-dq000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_x360_-_15t-dq100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_-_15t-dq100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_x360_14t-cd100_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_x360_14t-cd100:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_x360_14t-dh000_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_x360_14t-dh000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_14-cd1xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd1xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_14-cd2xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14-cd2xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_14-dh0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14-dh0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_14m-cd0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.11.1093 OR cpe:2.3:h:hp:pavilion_14m-cd0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_14m-dh0xxx_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_14m-dh0xxx_x360:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pavilion_15_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.8.1116 OR cpe:2.3:h:hp:pavilion_15:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:spectre_x360_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.5.26.1102 OR cpe:2.3:h:hp:spectre_x360:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-18619 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-18619 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.05635

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability