CVE & CISA-KEV Catalog

CVE-2019-18618

MEDIUM
6.0
CVSS v3
NVD

Description

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

How to fix

Remediation Available
elite slice firmwareNVD
Affected:< 5.2.3110.26Fixed in:5.2.3110.26CVE-2019-18618derived from NVD
elite x2 1012 g2 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
elite x2 1013 g3 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elite x2 g4 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 1040 g4 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
elitebook 1050 g1 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 735 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 735 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 745 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 745 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 755 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 830 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 830 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 836 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 836 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 840 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 840 g5 healthcare edition firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 840 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 840 g6 healthcare edition firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 846 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 846 g5 healthcare edition firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 846 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 846 g6 healthcare edition firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 850 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook 850 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 1020 g2 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
elitebook x360 1030 g2 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
elitebook x360 1030 g3 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 1030 g4 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 1040 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 1040 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 830 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
elitebook x360 830 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
eliteone 1000 g1 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
eliteone 1000 g2 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
envy x360 firmwareNVD
Affected:< 5.5.26.1102Fixed in:5.5.26.1102CVE-2019-18618derived from NVD
mt44 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
mt45 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
pavilion x360 firmwareNVD
Affected:< 5.5.8.1116Fixed in:5.5.8.1116CVE-2019-18618derived from NVD
pro x2 612 g2 firmwareNVD
Affected:< 5.2.5026.26Fixed in:5.2.5026.26CVE-2019-18618derived from NVD
probook 430 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 440 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 445 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 445r g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 450 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 455 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 455r g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 640 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
probook 650 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
spectre x360 firmwareNVD
Affected:< 5.5.26.1102Fixed in:5.5.26.1102CVE-2019-18618derived from NVD
thankpad a475 firmwareNVD
Affected:< 5.02.3539.0026Fixed in:5.02.3539.0026CVE-2019-18618derived from NVD
thankpad a485 firmwareNVD
Affected:< 5.03.3542.0026Fixed in:5.03.3542.0026CVE-2019-18618derived from NVD
thinkpad 25 firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad a275 firmwareNVD
Affected:< 5.2.3535.26Fixed in:5.2.3535.26CVE-2019-18618derived from NVD
thinkpad e480 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e485 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e490 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e490s firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e580 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e585 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad e590 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad l480 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad l580 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad p1 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad p1 gen 2 firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad p43s firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad p50 firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad p51 firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p51s \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p51s \(20jx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p51s \(20kx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p52 firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p52s firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad p53 firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad p53s firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad p70 firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad p71 \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad p72 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad p73 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad r490 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad r590 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad s1 3rd firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad s3 firmwareNVD
Affected:< 5.2.321.26Fixed in:5.2.321.26CVE-2019-18618derived from NVD
thinkpad t25 \(20k7\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t460p firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad t460s firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad t470 \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t470 \(20jx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t470p firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t470s \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t470s \(20jx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t480 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad t480s firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad t490 firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad t490s firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad t570\(20jx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t570 \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad t580 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad t590 firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad x1 carbon \(20hx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad x1 carbon \(20kx\) firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad x1 carbon firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad x1 extreme 2nd firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad x1 extreme firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad x1 tablet \(20jx\) firmwareNVD
Affected:< 5.2.227.26Fixed in:5.2.227.26CVE-2019-18618derived from NVD
thinkpad x1 tablet firmwareNVD
Affected:< 5.5.40.1058Fixed in:5.5.40.1058CVE-2019-18618derived from NVD
thinkpad x1 yoga 3rd gen firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad x1 yoga 4th gen firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad x1 yoga \(20jx\) firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad x1 yoga firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad x270 firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad x280 firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad x380 yoga firmwareNVD
Affected:< 5.3.3542.26Fixed in:5.3.3542.26CVE-2019-18618derived from NVD
thinkpad x390 firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad x390 yoga firmwareNVD
Affected:< 6.0.36.1105Fixed in:6.0.36.1105CVE-2019-18618derived from NVD
thinkpad yoga 260 firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
thinkpad yoga 370 firmwareNVD
Affected:< 5.2.3540.26Fixed in:5.2.3540.26CVE-2019-18618derived from NVD
thinkpad yoga s1 firmwareNVD
Affected:< 5.1.338.26Fixed in:5.1.338.26CVE-2019-18618derived from NVD
zbook 14u g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 14u g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 15 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 15 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 15u g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 15u g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 17 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook 17 g6 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook studio g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zbook studio x360 g5 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zhan 66 pro 13 g2 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zhan 66 pro 14 g2 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zhan 66 pro 15 g2 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD
zhan x 13 g2 firmwareNVD
Affected:< 5.5.21.1099Fixed in:5.5.21.1099CVE-2019-18618derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploit Intelligence

0.50%probability of exploitation in 30 days
39thpercentile

Low risk: more likely to be exploited than 39% of all known CVEs.

References

Embed a live status badge for CVE-2019-18618
CVE-2019-18618 severity badge

Markdown

[![CVE-2019-18618](https://tridentstack.com/cve/badge/CVE-2019-18618.svg)](https://tridentstack.com/cve/CVE-2019-18618)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-18618"><img src="https://tridentstack.com/cve/badge/CVE-2019-18618.svg" alt="CVE-2019-18618"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.