What is CVE-2019-19705?

CVE-2019-19705 is a high-severity vulnerability in Lenovo Aio300-23isu, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2022-12-26.

How severe is CVE-2019-19705?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Lenovo Aio300-23isu

CVE-2019-19705

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

EPSS: 0.002 (10.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Lenovo Aio300-23isu
Lenovo Aio300-23isu_firmware
Lenovo Aio310-20iap
Lenovo Aio310-20iap_firmware
Lenovo Aio510-22ish
Lenovo Aio510-22ish_firmware
Lenovo Aio510-23ish
Lenovo Aio510-23ish_firmware
Lenovo Aio520-22ikl
Lenovo Aio520-22ikl_firmware

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

cve@mitre.org (Vendor Advisory)

Frequently asked questions

What is CVE-2019-19705?: CVE-2019-19705 is a high-severity vulnerability in Lenovo Aio300-23isu, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2022-12-26.
How severe is CVE-2019-19705?: High severity. CVSS v3 base score is 7.8 out of 10.