Vulnerability Details CVE-2021-20793
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.4
References
- https://jvn.jp/en/jp/JVN80288258/index.html
- https://www.sony.co.uk/electronics/support/software/00266642
- https://www.sony.co.uk/electronics/support/software/00266749
- https://www.sony.co.uk/electronics/support/software/00266758
- https://jvn.jp/en/jp/JVN80288258/index.html
- https://www.sony.co.uk/electronics/support/software/00266642
- https://www.sony.co.uk/electronics/support/software/00266749
- https://www.sony.co.uk/electronics/support/software/00266758
Products affected by CVE-2021-20793
-
cpe:2.3:a:sony:audio_usb_driver:-
-
cpe:2.3:a:sony:audio_usb_driver:1.10
-
cpe:2.3:a:sony:hap_music_transfer:-
-
cpe:2.3:a:sony:hap_music_transfer:1.3.0