What is CVE-2020-8337?

CVE-2020-8337 is a medium-severity vulnerability in Lenovo 5-15ikb, classified under Unquoted Search Path or Element. CVSS score: 6.7/10. Published 2020-06-09.

How severe is CVE-2020-8337?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Lenovo 5-15ikb

CVE-2020-8337

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary c…

EPSS: 0.004 (29.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo 5-15ikb
Lenovo Air-14_2019
Lenovo C340-14iwl
Lenovo Flex-14iwl
Lenovo S540-14iwl
Lenovo S540-14iwl_touch
Lenovo Synaptics Smart Audio Uwp App — versions unspecified
Lenovo Thinkpad_11e
Lenovo Thinkpad_13
Lenovo Thinkpad_a275

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)
psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-8337?: CVE-2020-8337 is a medium-severity vulnerability in Lenovo 5-15ikb, classified under Unquoted Search Path or Element. CVSS score: 6.7/10. Published 2020-06-09.
How severe is CVE-2020-8337?: Medium severity. CVSS v3 base score is 6.7 out of 10.