PT-2020-14521 · Alps · Alps Alpine Touchpad Driver

Published

2020-07-21

Updated

2021-07-21

CVE-2020-15596

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ALPS ALPINE touchpad driver versions prior to 8.2206.1717.634

Description The issue allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. This is related to a DLL hijacking issue.

Recommendations For versions prior to 8.2206.1717.634, update to version 8.2206.1717.634 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ALPS ALPINE touchpad driver until a patch is available. Avoid using potentially vulnerable DLL files in the affected driver until the issue is resolved.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-15596

Affected Products

Alps Alpine Touchpad Driver

PT-2020-14521 · Alps · Alps Alpine Touchpad Driver

CVE-2020-15596

Weakness Enumeration

Related Identifiers

Affected Products

References · 5