CVE-2021-20793
Last modified
CVE-2021-20793 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sony | Audio Usb Driver | <= 1.10 |
| Sony | Hap Music Transfer | <= 1.3.0 |
References
- https://jvn.jp/en/jp/JVN80288258/index.htmlThird Party Advisory
- https://www.sony.co.uk/electronics/support/software/00266642Product, Vendor Advisory
- https://www.sony.co.uk/electronics/support/software/00266749Product, Vendor Advisory
- https://www.sony.co.uk/electronics/support/software/00266758Product, Vendor Advisory
- https://jvn.jp/en/jp/JVN80288258/index.htmlThird Party Advisory
- https://www.sony.co.uk/electronics/support/software/00266642Product, Vendor Advisory
- https://www.sony.co.uk/electronics/support/software/00266749Product, Vendor Advisory
- https://www.sony.co.uk/electronics/support/software/00266758Product, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-20793?
How severe is CVE-2021-20793?
How do I fix CVE-2021-20793?
Are you affected by CVE-2021-20793?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST