6.7
MEDIUM
CVE-2020-8337
Lenovo Synaptics Smart Audio UWP Path Vulnerability (Code Execution)
Description

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

INFO

Published Date: June 9, 2020, 8:15 p.m.

Last Modified: Nov. 21, 2024, 5:38 a.m.

Remotely Exploitable: No

Impact Score: 5.9

Exploitability Score: 0.8
Affected Products

The following products are affected by the CVE-2020-8337 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Lenovo thinkpad_11e
2 Lenovo thinkpad_e480
3 Lenovo thinkpad_e580
4 Lenovo thinkpad_l380
5 Lenovo thinkpad_l380_yoga
6 Lenovo thinkpad_l480
7 Lenovo thinkpad_l580
8 Lenovo thinkpad_t470p
9 Lenovo thinkpad_x270
10 Lenovo thinkpad_x380_yoga
11 Lenovo thinkpad_yoga_370
12 Lenovo thinkpad_e450
13 Lenovo thinkpad_e450c
14 Lenovo thinkpad_e455
15 Lenovo thinkpad_e460
16 Lenovo thinkpad_e465
17 Lenovo thinkpad_e550
18 Lenovo thinkpad_e550c
19 Lenovo thinkpad_e555
20 Lenovo thinkpad_e560
21 Lenovo thinkpad_e565
22 Lenovo thinkpad_edge_e440
23 Lenovo thinkpad_edge_e445
24 Lenovo thinkpad_l440
25 Lenovo thinkpad_l450
26 Lenovo thinkpad_l460
27 Lenovo thinkpad_l540
28 Lenovo thinkpad_s1_yoga_12
29 Lenovo thinkpad_s3_yoga_14
30 Lenovo thinkpad_t450
31 Lenovo thinkpad_t450s
32 Lenovo thinkpad_t460
33 Lenovo thinkpad_t460p
34 Lenovo thinkpad_x260
35 Lenovo thinkpad_yoga_11e
36 Lenovo thinkpad_yoga_14_460_s3
37 Lenovo thinkpad_e490
38 Lenovo thinkpad_e490s
39 Lenovo thinkpad_e590
40 Lenovo thinkpad_p53
41 Lenovo thinkpad_p73
42 Lenovo thinkpad_13
43 Lenovo thinkpad_s5
44 Lenovo thinkpad_a275
45 Lenovo thinkpad_a475
46 Lenovo thinkpad_e470
47 Lenovo thinkpad_e570
48 Lenovo thinkpad_e475
49 Lenovo thinkpad_e575
50 Lenovo thinkpad_e485
51 Lenovo thinkpad_e585
52 Lenovo thinkpad_l470
53 Lenovo thinkpad_p40
54 Lenovo thinkpad_s3-s440
55 Lenovo thinkpad_s1_3rd
56 Lenovo yoga_14
57 Lenovo v330-15igm
58 Lenovo c340-14iwl
59 Lenovo flex-14iwl
60 Lenovo s540-14iwl
61 Lenovo s540-14iwl_touch
62 Lenovo v130-15ikb
63 Lenovo thinkpad_s3
64 Lenovo thinkpad_r490
65 Lenovo thinkpad_r590
66 Lenovo thinkpad_s3_3rd_gen
67 Lenovo thinkpad_s2_yoga_3rd_gen
68 Lenovo thinkpad_l390_yoga
69 Lenovo thinkpad_s2_yoga_4th_gen
70 Lenovo thinkpad_p1
71 Lenovo thinkpad_x1_extreme
72 Lenovo thinkpad_a285
73 Lenovo thinkpad_a485
74 Lenovo thinkpad_yoga_11e_3rd_gen
75 Lenovo thinkpad_yoga_11e_4th_gen
76 Lenovo thinkpad_yoga_11e_5th_gen
77 Lenovo v130-15igm
78 Lenovo v310-15igm
79 Lenovo 5-15ikb
80 Lenovo air-14_2019
81 Lenovo thinkpad_e540
82 Lenovo thinkpad_e545
1 Synaptics smart_audio_uwp
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-8337.

URL Resource
https://support.lenovo.com/us/en/product_security/len-30707 Vendor Advisory
https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf Vendor Advisory

The following table lists the changes that have been made to the CVE-2020-8337 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.lenovo.com/us/en/product_security/len-30707
    Added Reference https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jun. 19, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.lenovo.com/us/en/product_security/len-30707 No Types Assigned https://support.lenovo.com/us/en/product_security/len-30707 Vendor Advisory
    Changed Reference Type https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf No Types Assigned https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-06-09.pdf Vendor Advisory
    Added CWE NIST CWE-428
    Added CPE Configuration AND OR *cpe:2.3:a:synaptics:smart_audio_uwp:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.83.0 OR cpe:2.3:h:lenovo:5-15ikb:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:air-14_2019:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:c340-14iwl:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:flex-14iwl:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:s540-14iwl:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:s540-14iwl_touch:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_11e:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_13:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e450:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e450c:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e455:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e460:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e465:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e475:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e485:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e490s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e540:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e545:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e550:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e550c:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e555:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e560:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e565:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e570:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e575:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e585:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e590:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_edge_e440:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_edge_e445:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:*:*:*:*:*:*:* 
cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l440:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l450:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l460:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l540:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p40:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p53:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p73:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_r490:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_r590:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s1_3rd:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_yoga_3rd_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_yoga_4th_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s3-s440:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s3_3rd_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s3_yoga_14:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t450:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t450s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_11e_3rd_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_11e_4th_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_11e_5th_gen:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_14_460_s3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:* 
cpe:2.3:h:lenovo:v310-15igm:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:v330-15igm:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:yoga_14:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-8337 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-8337 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 0.00%

score

0.10264

percentile

CVSS31 - Vulnerability Scoring System
[Chart: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability]