CVE-2021-20793

Опубликовано: 26 авг. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

Ссылки

https://jvn.jp/en/jp/JVN80288258/index.html
Third Party Advisory
https://www.sony.co.uk/electronics/support/software/00266642
Product
Vendor Advisory
https://www.sony.co.uk/electronics/support/software/00266749
Product
Vendor Advisory
https://www.sony.co.uk/electronics/support/software/00266758
Product
Vendor Advisory
https://jvn.jp/en/jp/JVN80288258/index.html
Third Party Advisory
https://www.sony.co.uk/electronics/support/software/00266642
Product
Vendor Advisory
https://www.sony.co.uk/electronics/support/software/00266749
Product
Vendor Advisory
https://www.sony.co.uk/electronics/support/software/00266758
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sony:audio_usb_driver:*:*:*:*:*:*:*:*

Версия до 1.10 (включая)

Конфигурация 2

cpe:2.3:a:sony:hap_music_transfer:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 42%

0.00205

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-jh73-c7v7-m9wf

github

больше 3 лет назад