Published: 05/06/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local malicious user to increase access privileges to the Windows Registry via an unpublished API.

Vulnerable Product	Search on Vulmon	Subscribe to Product
synaptics sound device

A potential security vulnerability has been identified with the Synaptics (previously Conexant) Sound Device Driver CxUtilSVcexe component Vulnerable versions of CxUtilSrvexe can allow privileged access to the registry ...

Synaptics Audio Driver LPE

CVE-2019-9730: Synaptics Audio Driver LPE The vulnerability in this driver package was with the CxUtilSvc system service It hosted a COM object that low-privileged code can use to perform arbitrary reads and writes to the registry as SYSTEM The NET code adds the IRegistryHelper COM interface as a reference to invoke its methods In terms of exploitation, a less subtle approa

NVD-CWE-noinfo https://www.synaptics.com/company/blog/https://twitter.com/Jackson_T https://support.lenovo.com/us/en/product_security/LEN-25822 https://nvd.nist.gov https://github.com/jthuraisamy/CVE-2019-9730 https://support.hp.com//us-en/document/c06298607

CVE-2019-9730

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect