CVE-2020-15596 — MEDIUM (6.7)

Q: What is CVE-2020-15596?

CVE-2020-15596 is a vulnerability with a CVSS score of 6.7 (MEDIUM). The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

Q: How severe is CVE-2020-15596?

CVE-2020-15596 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15596?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elite X2 1012 G1 Firmware, Hp Elite X2 1012 G1, Hp Elite X2 1012 G2 Firmware, Hp Elite X2 1012 G2, Hp Elitebook 1030 G1 Firmware.

Vulnerability Description

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Elite X2 1012 G1 Firmware	< 8.2206.1717.166
Hp	Elite X2 1012 G1	-
Hp	Elite X2 1012 G2 Firmware	< 8.2206.1717.634
Hp	Elite X2 1012 G2	-
Hp	Elitebook 1030 G1 Firmware	< 8.2206.1717.166
Hp	Elitebook 1030 G1	-
Hp	Elitebook 1040 G4 Firmware	< 8.2206.1717.634
Hp	Elitebook 1040 G4	-
Hp	Elitebook Folio 1040 G3 Firmware	< 8.2206.1717.166
Hp	Elitebook Folio 1040 G3	-
Hp	Elitebook Folio G1 Firmware	< 8.2206.1717.166
Hp	Elitebook Folio G1	-
Hp	Elitebook Revolve 810 G2 Firmware	< 10.1201.1717.108
Hp	Elitebook Revolve 810 G2	-
Hp	Elitebook Revolve 810 G3 Firmware	< 10.1201.1717.108
Hp	Elitebook Revolve 810 G3	-
Hp	Elitebook X360 1020 G2 Firmware	< 8.2206.1717.634
Hp	Elitebook X360 1020 G2	-
Hp	Elitebook X360 1030 G2 Firmware	< 8.2206.1717.634
Hp	Elitebook X360 1030 G2	-

Related Weaknesses (CWE)

CWE-427

References

https://seclists.org/fulldisclosure/2020/Jul/30Mailing ListThird Party Advisory
https://support.hp.com/document/c06706305Vendor Advisory
https://seclists.org/fulldisclosure/2020/Jul/30Mailing ListThird Party Advisory
https://support.hp.com/document/c06706305Vendor Advisory

FAQ

What is CVE-2020-15596?

CVE-2020-15596 is a vulnerability with a CVSS score of 6.7 (MEDIUM). The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

How severe is CVE-2020-15596?

CVE-2020-15596 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15596?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elite X2 1012 G1 Firmware, Hp Elite X2 1012 G1, Hp Elite X2 1012 G2 Firmware, Hp Elite X2 1012 G2, Hp Elitebook 1030 G1 Firmware.