Sign-up

ID

VAR-201712-1127


TITLE

HP Notebook SynTP.sys File Keylogger Code Debugging Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-36709

DESCRIPTION

The SynTP.sys file is part of the Synaptics touchpad driver included with some HP notebook models. HP notebook SynTP.sys file key record code debugging vulnerability, the attacker can exploit the vulnerability to abuse the debugging code of the keylogger component, such as: malware developers can use the logging to disable the registry key registry to enable the keylogger behavior by default, and Users are monitored using native kernel-signed tools that are not detected by security products.

Trust: 0.6

sources: CNVD: CNVD-2017-36709

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-36709

AFFECTED PRODUCTS

vendor:hpmodel:zbookscope: - version: -

Trust: 0.6

vendor:hpmodel:probookscope: - version: -

Trust: 0.6

vendor:hpmodel:elitebookscope: - version: -

Trust: 0.6

vendor:hpmodel:streamscope: - version: -

Trust: 0.6

vendor:hpmodel:pavilionscope: - version: -

Trust: 0.6

vendor:hpmodel:envyscope: - version: -

Trust: 0.6

vendor:hpmodel:omenscope: - version: -

Trust: 0.6

vendor:hpmodel:mtscope:eqversion:**

Trust: 0.6

vendor:hpmodel: - scope:eqversion:15*

Trust: 0.6

vendor:hpmodel: - scope:eqversion:25*

Trust: 0.6

sources: CNVD: CNVD-2017-36709

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-36709
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-36709
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-36709

PATCH

title:HP Notebook SynTP.sys File Keylogger Code Leakage Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/108571

Trust: 0.6

sources: CNVD: CNVD-2017-36709

EXTERNAL IDS

db:CNVDid:CNVD-2017-36709

Trust: 0.6

sources: CNVD: CNVD-2017-36709

REFERENCES

url:https://www.bleepingcomputer.com/news/hardware/keylogger-found-in-hp-notebook-keyboard-driver/

Trust: 0.6

sources: CNVD: CNVD-2017-36709

SOURCES

db:CNVDid:CNVD-2017-36709

LAST UPDATE DATE

2022-05-04T09:56:39.187000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-36709date:2017-12-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-36709date:2017-12-11T00:00:00