CVE-2020-8337

low-risk
Published 2020-06-09

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Smart Audio Uwp

Affected Vendors

Synaptics

References (4)

Vendor Advisory https://support.lenovo.com/us/en/product_security/len-30707
Vendor Advisory https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-0...
Vendor Advisory https://support.lenovo.com/us/en/product_security/len-30707
Vendor Advisory https://www.synaptics.com/sites/default/files/audio-driver-security-brief-2020-0...
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal