← Volver a CVEs
CVE-2021-20793
HIGH7.8
Descripcion
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado8/26/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
sony:audio_usb_driversony:hap_music_transfer
Debilidades (CWE)
CWE-427
Referencias
https://jvn.jp/en/jp/JVN80288258/index.html(vultures@jpcert.or.jp)
https://www.sony.co.uk/electronics/support/software/00266642(vultures@jpcert.or.jp)
https://www.sony.co.uk/electronics/support/software/00266749(vultures@jpcert.or.jp)
https://www.sony.co.uk/electronics/support/software/00266758(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN80288258/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.sony.co.uk/electronics/support/software/00266642(af854a3a-2127-422b-91ae-364da2661108)
https://www.sony.co.uk/electronics/support/software/00266749(af854a3a-2127-422b-91ae-364da2661108)
https://www.sony.co.uk/electronics/support/software/00266758(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.