PT-2021-14248 · Sony · Sony Audio Usb Driver+1

Hogo Kumamaru

Published

2021-08-26

Updated

2021-09-01

CVE-2021-20793

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sony Audio USB Driver versions 1.10 and prior HAP Music Transfer versions 1.3.0 and prior

Description: The issue allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability in the installer of the affected software.

Recommendations: For Sony Audio USB Driver versions 1.10 and prior, update to a version later than 1.10 to resolve the issue. For HAP Music Transfer versions 1.3.0 and prior, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-20793

Affected Products

Hap Music Transfer

Sony Audio Usb Driver

PT-2021-14248 · Sony · Sony Audio Usb Driver+1

CVE-2021-20793

Weakness Enumeration

Related Identifiers

Affected Products

References · 7