{"api_version":"1","generated_at":"2026-04-23T08:15:20+00:00","cve":"CVE-2021-20793","urls":{"html":"https://cve.report/CVE-2021-20793","api":"https://cve.report/api/cve/CVE-2021-20793.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20793","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20793"},"summary":{"title":"CVE-2021-20793","description":"Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.","state":"PUBLIC","assigner":"vultures@jpcert.or.jp","published_at":"2021-08-26 02:15:00","updated_at":"2021-09-01 21:23:00"},"problem_types":["CWE-427"],"metrics":[],"references":[{"url":"https://www.sony.co.uk/electronics/support/software/00266749","name":"https://www.sony.co.uk/electronics/support/software/00266749","refsource":"MISC","tags":[],"title":"Sony USB Audio Driver for Windows | Sony UK","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://jvn.jp/en/jp/JVN80288258/index.html","name":"https://jvn.jp/en/jp/JVN80288258/index.html","refsource":"MISC","tags":[],"title":"JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://www.sony.co.uk/electronics/support/software/00266642","name":"https://www.sony.co.uk/electronics/support/software/00266642","refsource":"MISC","tags":[],"title":"HAP Music Transfer 1.3.0 for HAP audio player system (Windows) | Sony UK","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.sony.co.uk/electronics/support/software/00266758","name":"https://www.sony.co.uk/electronics/support/software/00266758","refsource":"MISC","tags":[],"title":"Driver for Microsoft Windows | Sony UK","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20793","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20793","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20793","vulnerable":"1","versionEndIncluding":"1.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sony","cpe5":"audio_usb_driver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20793","vulnerable":"1","versionEndIncluding":"1.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sony","cpe5":"hap_music_transfer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20793","ASSIGNER":"vultures@jpcert.or.jp","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Sony Corporation","product":{"product_data":[{"product_name":"The installers of multiple Sony products","version":{"version_data":[{"version_value":"The installer of Sony Audio USB Driver V1.10 and prior and The installer of HAP Music Transfer Ver.1.3.0 and prior"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Untrusted search path vulnerability"}]}]},"references":{"reference_data":[{"url":"https://www.sony.co.uk/electronics/support/software/00266749","refsource":"MISC","name":"https://www.sony.co.uk/electronics/support/software/00266749"},{"url":"https://www.sony.co.uk/electronics/support/software/00266758","refsource":"MISC","name":"https://www.sony.co.uk/electronics/support/software/00266758"},{"url":"https://www.sony.co.uk/electronics/support/software/00266642","refsource":"MISC","name":"https://www.sony.co.uk/electronics/support/software/00266642"},{"url":"https://jvn.jp/en/jp/JVN80288258/index.html","refsource":"MISC","name":"https://jvn.jp/en/jp/JVN80288258/index.html"}]},"description":{"description_data":[{"lang":"eng","value":"Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory."}]}},"nvd":{"publishedDate":"2021-08-26 02:15:00","lastModifiedDate":"2021-09-01 21:23:00","problem_types":["CWE-427"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sony:audio_usb_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sony:hap_music_transfer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20793","Ordinal":"194838","Title":"CVE-2021-20793","CVE":"CVE-2021-20793","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20793","Ordinal":"1","NoteData":"Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20793","Ordinal":"2","NoteData":"2021-08-25","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20793","Ordinal":"3","NoteData":"2021-08-25","Type":"Other","Title":"Modified"}]}}}