Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.6
CVSSv2

CVE-2019-18618

Published: 22/07/2020 Updated: 30/07/2020
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions before 2019-11-15) allows a local administrator or physical malicious user to compromise the confidentiality of sensor data via injection of an unverified partition table.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

synaptics vfs75xx_firmware 5.1.5.51

synaptics vfs75xx_firmware 5.1.337.26

synaptics vfs75xx_firmware 5.1.3507.26

synaptics vfs75xx_firmware 5.2.320.26

synaptics vfs75xx_firmware 5.2.524.26

synaptics vfs75xx_firmware 5.2.3109.26

synaptics vfs75xx_firmware 5.2.3530.26

synaptics vfs75xx_firmware 5.2.5024.26

synaptics vfs75xx_firmware 5.3.3541.26

synaptics vfs75xx_firmware 5.5.4.1116

synaptics vfs75xx_firmware 5.5.8.1092

synaptics vfs75xx_firmware 5.5.10.1100

synaptics vfs75xx_firmware 5.5.10.1106

synaptics vfs75xx_firmware 5.5.17.1099

synaptics vfs75xx_firmware 5.5.17.1102

synaptics vfs75xx_firmware 5.5.35.1058

synaptics vfs75xx_firmware 5.5.502.79

synaptics vfs75xx_firmware 5.5.512.1051

synaptics vfs75xx_firmware 5.5.2734.1050

synaptics vfs75xx_firmware 5.5.2810.1050

lenovo thinkpad_25_firmware

lenovo thankpad_a475_firmware

lenovo thankpad_a485_firmware

lenovo thinkpad_e480_firmware

lenovo thinkpad_e580_firmware

lenovo thinkpad_e485_firmware

lenovo thinkpad_e585_firmware

lenovo thinkpad_e490s_firmware

lenovo thinkpad_s3_firmware

lenovo thinkpad_e490_firmware

lenovo thinkpad_e590_firmware

lenovo thinkpad_r490_firmware

lenovo thinkpad_r590_firmware

lenovo thinkpad_l480_firmware

lenovo thinkpad_l580_firmware

lenovo thinkpad_p1_firmware

lenovo thinkpad_p1_gen_2_firmware

lenovo thinkpad_x1_extreme_2nd_firmware

lenovo thinkpad_p43s_firmware

lenovo thinkpad_p50_firmware

lenovo thinkpad_p51_firmware

lenovo thinkpad_p51s_\\(20jx\\)_firmware

lenovo thinkpad_p51s_\\(20kx\\)_firmware

lenovo thinkpad_p51s_\\(20hx\\)_firmware

lenovo thinkpad_p52_firmware

lenovo thinkpad_p52s_firmware

lenovo thinkpad_p53_firmware

lenovo thinkpad_p53s_firmware

lenovo thinkpad_p70_firmware

lenovo thinkpad_p71_\\(20hx\\)_firmware

lenovo thinkpad_p72_firmware

lenovo thinkpad_p73_firmware

lenovo thinkpad_t25_\\(20k7\\)_firmware

lenovo thinkpad_t460p_firmware

lenovo thinkpad_t460s_firmware

lenovo thinkpad_t470_\\(20hx\\)_firmware

lenovo thinkpad_t470_\\(20jx\\)_firmware

lenovo thinkpad_t470p_firmware

lenovo thinkpad_t470s_\\(20hx\\)_firmware

lenovo thinkpad_t470s_\\(20jx\\)_firmware

lenovo thinkpad_t480_firmware

lenovo thinkpad_t480s_firmware

lenovo thinkpad_t490_firmware

lenovo thinkpad_t490s_firmware

lenovo thinkpad_t570_\\(20hx\\)_firmware

lenovo thinkpad_t570\\(20jx\\)_firmware

lenovo thinkpad_t580_firmware

lenovo thinkpad_t590_firmware

lenovo thinkpad_x1_carbon_\\(20hx\\)_firmware

lenovo thinkpad_x1_carbon_\\(20kx\\)_firmware

lenovo thinkpad_x1_carbon_firmware

lenovo thinkpad_x1_yoga_4th_gen_firmware

lenovo thinkpad_x1_extreme_firmware

lenovo thinkpad_x1_tablet_firmware

lenovo thinkpad_x1_tablet_\\(20jx\\)_firmware

lenovo thinkpad_x1_yoga_firmware

lenovo thinkpad_x1_yoga_\\(20jx\\)_firmware

lenovo thinkpad_x1_yoga_3rd_gen_firmware

lenovo thinkpad_x270_firmware

lenovo thinkpad_x280_firmware

lenovo thinkpad_x380_yoga_firmware

lenovo thinkpad_x390_firmware

lenovo thinkpad_x390_yoga_firmware

lenovo thinkpad_yoga_370_firmware

lenovo thinkpad_s1_3rd_firmware

lenovo thinkpad_yoga_260_firmware

lenovo thinkpad_yoga_s1_firmware

lenovo thinkpad_a275_firmware

hp elite_x2_1012_g2_firmware

hp elite_x2_1013_g3_firmware

hp elite_x2_g4_firmware

hp elitebook_1040_g4_firmware

hp elitebook_1050_g1_firmware

hp elitebook_735_g5_firmware

hp elitebook_735_g6_firmware

hp elitebook_745_g5_firmware

hp elitebook_745_g6_firmware

hp elitebook_755_g5_firmware

hp elitebook_830_g5_firmware

hp elitebook_830_g6_firmware

hp elitebook_836_g5_firmware

hp elitebook_836_g6_firmware

hp elitebook_840_g5_firmware

hp elitebook_840_g5_healthcare_edition_firmware

hp elitebook_840_g6_firmware

hp elitebook_840_g6_healthcare_edition_firmware

hp elitebook_846_g5_firmware

hp elitebook_846_g5_healthcare_edition_firmware

hp elitebook_846_g6_firmware

hp elitebook_846_g6_healthcare_edition_firmware

hp elitebook_850_g5_firmware

hp elitebook_850_g6_firmware

hp elitebook_x360_1020_g2_firmware

hp elitebook_x360_1030_g2_firmware

hp elitebook_x360_1030_g3_firmware

hp elitebook_x360_1030_g4_firmware

hp elitebook_x360_1040_g5_firmware

hp elitebook_x360_1040_g6_firmware

hp elitebook_x360_830_g5_firmware

hp elitebook_x360_830_g6_firmware

hp pro_x2_612_g2_firmware

hp probook_430_g6_firmware

hp probook_440_g6_firmware

hp probook_445_g6_firmware

hp probook_445r_g6_firmware

hp probook_450_g6_firmware

hp probook_455_g6_firmware

hp probook_455r_g6_firmware

hp probook_640_g5_firmware

hp probook_650_g5_firmware

hp zbook_14u_g5_firmware

hp zbook_14u_g6_firmware

hp zbook_15_g5_firmware

hp zbook_15_g6_firmware

hp zbook_15u_g5_firmware

hp zbook_15u_g6_firmware

hp zbook_17_g5_firmware

hp zbook_17_g6_firmware

hp zbook_studio_g5_firmware

hp zbook_studio_x360_g5_firmware

hp zhan_66_pro_13_g2_firmware

hp zhan_66_pro_14_g2_firmware

hp zhan_66_pro_15_g2_firmware

hp zhan_x_13_g2_firmware

hp elite_slice_firmware

hp eliteone_1000_g1_firmware

hp eliteone_1000_g2_firmware

hp mt44_firmware

hp mt45_firmware

hp envy_x360_firmware

hp pavilion_x360_firmware

hp spectre_x360_firmware

Vendor Advisories

HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03674 rev. 1 - Synaptics® VFS75xx Fingerprint Sensors Equipped with External Flash
Synaptics has notified HP of a potential security vulnerability in certain versions of VFS75xx Fingerprint Sensors equipped with external flash, which may allow a local administrator or physical attacker to compromise the confidentiality of the fingerprint sensor’s data The Synaptics Security Brief for this vulnerability can be found on the Syna ...
HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03674 rev. 1 - Synaptics® VFS75xx Fingerprint Sensors Equipped with External Flash
Synaptics has notified HP of a potential security vulnerability in certain versions of VFS75xx Fingerprint Sensors equipped with external flash, which may allow a local administrator or physical attacker to compromise the confidentiality of the fingerprint sensor’s data The Synaptics Security Brief for this vulnerability can be found on the Syna ...

References

NVD-CWE-noinfohttps://www.synaptics.com/company/blog/https://support.lenovo.com/us/en/product_security/LEN-31372https://www.synaptics.com/sites/default/files/fingerprint-sensor-VFS7500-security-brief-2020-07-14.pdfhttps://support.hp.com/us-en/document/c06696474https://nvd.nist.govhttps://support.hp.com/us-en/document/c06696474
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30043cameraCVE-2023-40404CVE-2024-2793client sideCVE-2024-4469CVE-2024-3565CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook