Information Disclosure Vulnerability in Synaptics TouchPad Drivers by Synaptics
CVE-2017-17556

5.1MEDIUM

Key Information:

Vendor
HP
Status
Synaptics ToucHPad Driver
Vendor
CVE Published:
15 December 2017

Summary

A vulnerability in Synaptics TouchPad drivers allows local users with administrative privileges to exploit a debug tool and gain access to sensitive information, such as keyboard scan codes. By altering specific registry keys, users can leverage this weakness to compromise the confidentiality of keyboard inputs, potentially exposing sensitive data entered by the user. This vulnerability underscores the importance of secure driver configurations and access controls to protect against unauthorized access.

References

https://www.synaptics.com/company/blog/touchpad-security-...
x_refsource_CONFIRM
https://zwclose.github.io/HP-keylogger/
x_refsource_MISC
https://support.hp.com/us-en/document/c05827409
vendor-advisoryx_refsource_HP

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.