CVE-2021-20793
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Una vulnerabilidad de ruta de búsqueda no confiable en el instalador de Sony Audio USB Driver versiones V1.10 y anteriores y en el instalador de HAP Music Transfer versión Ver.1.3.0 y anteriores, permite a un atacante alcanzar privilegios y ejecutar código arbitrario por medio de una DLL de tipo caballo de Troya en un directorio no especificado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-12-17 CVE Reserved
- 2021-08-26 CVE Published
- 2024-08-01 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN80288258/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sony.co.uk/electronics/support/software/00266642 | 2021-09-01 | |
| https://www.sony.co.uk/electronics/support/software/00266749 | 2021-09-01 | |
| https://www.sony.co.uk/electronics/support/software/00266758 | 2021-09-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sony Search vendor "Sony" | Audio Usb Driver Search vendor "Sony" for product "Audio Usb Driver" | <= 1.10 Search vendor "Sony" for product "Audio Usb Driver" and version " <= 1.10" | - |
Affected
| ||||||
| Sony Search vendor "Sony" | Hap Music Transfer Search vendor "Sony" for product "Hap Music Transfer" | <= 1.3.0 Search vendor "Sony" for product "Hap Music Transfer" and version " <= 1.3.0" | - |
Affected
| ||||||