Vulnerability CVE-2021-20793


Published: 2021-08-26

Description:
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

Type:

CWE-427

(Uncontrolled Search Path Element)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SONY -> Audio usb driver 
SONY -> Hap music transfer 

 References:
https://www.sony.co.uk/electronics/support/software/00266758
https://www.sony.co.uk/electronics/support/software/00266642
https://jvn.jp/en/jp/JVN80288258/index.html
https://www.sony.co.uk/electronics/support/software/00266749

Copyright 2024, cxsecurity.com

 

Back to Top