Improper Authorization Vulnerability in VAIO Update by Sony
CVE-2019-5981

7.8HIGH

Key Information:

Vendor: Sony Corporation
Status: Vaio Update
Vendor: CVE Published:; 5 July 2019

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2019-5981?

An improper authorization vulnerability has been identified in VAIO Update versions 7.3.0.03150 and earlier. This flaw permits attackers to execute arbitrary executable files with administrative privileges through unspecified vectors, potentially compromising the integrity and security of affected systems. Users of VAIO Update are advised to review their configurations and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

VAIO Update 7.3.0.03150 and earlier

References

https://www.sony.com/electronics/support/articles/00228777

x_refsource_MISC

https://jvn.jp/en/jp/JVN13555032/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2019
Vulnerability Reserved
Jan 10, 2019