Improper Download File Verification in VAIO Update by Sony
CVE-2019-5982

7.5HIGH

Key Information:

Vendor: Sony Corporation
Status: Vaio Update
Vendor: CVE Published:; 5 July 2019

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2019-5982?

An improper download file verification vulnerability in VAIO Update versions 7.3.0.03150 and earlier allows remote attackers to exploit the system through a malicious wireless LAN access point. This security flaw facilitates man-in-the-middle attacks, enabling attackers to intercept and deliver unauthorized files to users. As a result, unsuspecting users may inadvertently download and execute malicious files, potentially compromising their systems and data.

Affected Version(s)

VAIO Update 7.3.0.03150 and earlier

References

https://www.sony.com/electronics/support/articles/00228777

x_refsource_MISC

https://jvn.jp/en/jp/JVN13555032/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2019
Vulnerability Reserved
Jan 10, 2019