Vulnerability Details: CVE-2021-20793
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Vulnerability category: Execute code
Products affected by CVE-2021-20793
- cpe:2.3:a:sony:audio_usb_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:sony:hap_music_transfer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20793
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- Percentile: ~56% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-20793
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2021-20793
- The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20793
- https://www.sony.co.uk/electronics/support/software/00266749
  Sony USB Audio Driver for Windows | Sony UK (Product; Vendor Advisory)
- https://jvn.jp/en/jp/JVN80288258/index.html
  JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries (Third Party Advisory)
- https://www.sony.co.uk/electronics/support/software/00266642
  HAP Music Transfer 1.3.0 for HAP audio player system (Windows) | Sony UK (Product; Vendor Advisory)
- https://www.sony.co.uk/electronics/support/software/00266758
  Driver for Microsoft Windows | Sony UK (Product; Vendor Advisory)