CVE-2020-15596

moderate-risk

Published 2020-08-12

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (14)

Elite X2 1012 G1 Firmware

Elite X2 1012 G2 Firmware

Elitebook 1030 G1 Firmware

Elitebook 1040 G4 Firmware

Elitebook Folio 1040 G3 Firmware

Elitebook Folio G1 Firmware

Elitebook Revolve 810 G2 Firmware

Elitebook Revolve 810 G3 Firmware

Elitebook X360 1020 G2 Firmware

Elitebook X360 1030 G2 Firmware

Pro X2 612 G2 Firmware

Zbook Studio G3 Firmware

Zbook Studio G4 Firmware

Zbook X2 G4 Firmware

Affected Vendors

References (4)

Mailing List https://seclists.org/fulldisclosure/2020/Jul/30

Vendor Advisory https://support.hp.com/document/c06706305

Mailing List https://seclists.org/fulldisclosure/2020/Jul/30

Vendor Advisory https://support.hp.com/document/c06706305

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate