Search
Find a vulnerability
Search criteria
5 vulnerabilities found for VAIO Update by Sony Corporation
CVE-2019-5982 (GCVE-0-2019-5982)
Vulnerability from nvd – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.
Severity
No CVSS data available.
CWE
- Improper File Verification
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.com/electronics/support/articles… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN13555032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | VAIO Update |
Affected:
7.3.0.03150 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VAIO Update",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "7.3.0.03150 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper File Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VAIO Update",
"version": {
"version_data": [
{
"version_value": "7.3.0.03150 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper File Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.com/electronics/support/articles/00228777",
"refsource": "MISC",
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"name": "https://jvn.jp/en/jp/JVN13555032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5982",
"datePublished": "2019-07-05T13:20:18.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5981 (GCVE-0-2019-5981)
Vulnerability from nvd – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.com/electronics/support/articles… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN13555032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | VAIO Update |
Affected:
7.3.0.03150 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VAIO Update",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "7.3.0.03150 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VAIO Update",
"version": {
"version_data": [
{
"version_value": "7.3.0.03150 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.com/electronics/support/articles/00228777",
"refsource": "MISC",
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"name": "https://jvn.jp/en/jp/JVN13555032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5981",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5982 (GCVE-0-2019-5982)
Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.
Severity
No CVSS data available.
CWE
- Improper File Verification
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.com/electronics/support/articles… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN13555032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | VAIO Update |
Affected:
7.3.0.03150 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VAIO Update",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "7.3.0.03150 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper File Verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:18.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VAIO Update",
"version": {
"version_data": [
{
"version_value": "7.3.0.03150 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper File Verification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.com/electronics/support/articles/00228777",
"refsource": "MISC",
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"name": "https://jvn.jp/en/jp/JVN13555032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5982",
"datePublished": "2019-07-05T13:20:18.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5981 (GCVE-0-2019-5981)
Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09
VLAI
Summary
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.com/electronics/support/articles… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN13555032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | VAIO Update |
Affected:
7.3.0.03150 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VAIO Update",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "7.3.0.03150 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-05T13:20:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VAIO Update",
"version": {
"version_data": [
{
"version_value": "7.3.0.03150 and earlier"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.com/electronics/support/articles/00228777",
"refsource": "MISC",
"url": "https://www.sony.com/electronics/support/articles/00228777"
},
{
"name": "https://jvn.jp/en/jp/JVN13555032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN13555032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5981",
"datePublished": "2019-07-05T13:20:17.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2019-000040
Vulnerability from jvndb - Published: 2019-06-21 14:22 - Updated:2019-10-01 11:12
Severity
Summary
Multiple vulnerabilities in VAIO Update
Details
VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below.
*Improper authorization process (CWE-285) - CVE-2019-5981
*Improper verification of download file (CWE-669) - CVE-2019-5982
Device Security reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000040.html",
"dc:date": "2019-10-01T11:12+09:00",
"dcterms:issued": "2019-06-21T14:22+09:00",
"dcterms:modified": "2019-10-01T11:12+09:00",
"description": "VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below.\r\n\r\n*Improper authorization process (CWE-285) - CVE-2019-5981\r\n*Improper verification of download file (CWE-669) - CVE-2019-5982\r\n\r\nDevice Security reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000040.html",
"sec:cpe": {
"#text": "cpe:/a:sony:vaio_update",
"@product": "VAIO Update",
"@vendor": "Sony Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000040",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN13555032/index.html",
"@id": "JVN#13555032",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5981",
"@id": "CVE-2019-5981",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5982",
"@id": "CVE-2019-5982",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5981",
"@id": "CVE-2019-5981",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5982",
"@id": "CVE-2019-5982",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in VAIO Update"
}