CVE-2020-15596
MEDIUMHP Elite X2 1012 G1 Firmware - Uncontrolled Search Path
Title source: ruleDescription
The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.hp.com/document/c06706305
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Jul/30
Scores
CVSS v3
6.7
EPSS
0.0011
EPSS Percentile
28.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (14)
hp/elite_x2_1012_g1_firmware
< 8.2206.1717.166
hp/elite_x2_1012_g2_firmware
< 8.2206.1717.634
hp/elitebook_1030_g1_firmware
< 8.2206.1717.166
hp/elitebook_1040_g4_firmware
< 8.2206.1717.634
hp/elitebook_folio_1040_g3_firmware
< 8.2206.1717.166
hp/elitebook_folio_g1_firmware
< 8.2206.1717.166
hp/elitebook_revolve_810_g2_firmware
< 10.1201.1717.108
hp/elitebook_revolve_810_g3_firmware
< 10.1201.1717.108
hp/elitebook_x360_1020_g2_firmware
< 8.2206.1717.634
hp/elitebook_x360_1030_g2_firmware
< 8.2206.1717.634
... and 4 more
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026