Untrusted Search Path Vulnerability in Sony Audio USB Driver and HAP Music Transfer
CVE-2021-20793

7.8HIGH

Key Information:

Vendor

Sony Corporation

Status
The Installers Of Multiple Sony Products
Vendor
CVE Published:
26 August 2021

What is CVE-2021-20793?

An untrusted search path vulnerability exists in the installer of the Sony Audio USB Driver and HAP Music Transfer. This flaw allows an attacker to exploit a trojan horse DLL located in an unspecified directory, leading to privilege escalation and the potential execution of arbitrary code. Users are advised to update their software to mitigate this risk.

Affected Version(s)

The installers of multiple Sony products The installer of Sony Audio USB Driver V1.10 and prior and The installer of HAP Music Transfer Ver.1.3.0 and prior

References

https://www.sony.co.uk/electronics/support/software/00266749
x_refsource_MISC
https://www.sony.co.uk/electronics/support/software/00266758
x_refsource_MISC
https://www.sony.co.uk/electronics/support/software/00266642
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-20793 : Untrusted Search Path Vulnerability in Sony Audio USB Driver and HAP Music Transfer