CVE-2022-27094 : Sony PlayMemories Home v6.0 contains an unquoted service path which allows attac

Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.

Published 2022-05-20 13:15:15

Updated 2022-05-26 17:44:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-27094

Sony » Playmemories Home » Version: 6.0
cpe:2.3:a:sony:playmemories_home:6.0:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Assigned by: nvd@nist.gov (Primary)

https://www.exploit-db.com/exploits/50817

Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path - Windows local Exploit
Exploit;Third Party Advisory;VDB Entry

Jump to