cvelistv5 - CVE-2017-2286

CVE-2017-2286 (GCVE-0-2017-2286)

Vulnerability from cvelistv5 – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:48

Summary

Severity ?

No CVSS data available.

CWE

Untrusted search path vulnerability

Assigner

jpcert

References

URL

Tags

https://jvn.jp/en/jp/JVN16136413/index.html

third-party-advisoryx_refsource_JVN

Impacted products

Vendor

Product

Version

Sony Corporation

NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)

Affected: Version 5.5.0.6 and earlier

Sony Corporation	NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)	Affected: Version 5.3.6.7 and earlier
Sony Corporation	PC/SC Activator for Type B	Affected: Ver.1.2.1.0 and earlier
Sony Corporation	SFCard Viewer 2	Affected: Ver.2.5.0.0 and earlier
Sony Corporation	NFC Net Installer	Affected: Ver.1.1.0.0 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#16136413",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Version 5.5.0.6 and earlier"
            }
          ]
        },
        {
          "product": "NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Version 5.3.6.7 and earlier"
            }
          ]
        },
        {
          "product": "PC/SC Activator for Type B",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.2.1.0 and earlier"
            }
          ]
        },
        {
          "product": "SFCard Viewer 2",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.5.0.0 and earlier"
            }
          ]
        },
        {
          "product": "NFC Net Installer",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.1.0.0 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T15:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#16136413",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 5.5.0.6 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 5.3.6.7 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PC/SC Activator for Type B",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.1.2.1.0 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SFCard Viewer 2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.2.5.0.0 and earlier"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "NFC Net Installer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.1.1.0.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sony Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#16136413",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2286",
    "datePublished": "2017-08-02T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.5.0.6\", \"matchCriteriaId\": \"58FF206E-61CB-41AE-A055-D17B9D4D3C3F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95DFE77A-E624-40C8-BB52-DC1BA2DCFE6D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D736000-7095-4F5D-9EFA-3B3CA9D90236\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC30D968-0F24-41BF-A856-D3A9A9585A6E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC4E817B-B58D-4CF2-91EA-79A1C0C275E7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB37F739-30F5-416A-9231-1C1F65636A4D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s380\\\\/s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F5CB280-9536-4853-BDEE-AEB0EEF5F620\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.3.6.7\", \"matchCriteriaId\": \"6C391E1E-E1D8-4C91-A95D-047AAFD7455B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s310\\\\/ed4c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"187AE859-6A0F-4995-8171-D0464D570B27\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s310\\\\/j1c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F74EB26-5AA7-44FA-9B42-1D93929C4F00\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D736000-7095-4F5D-9EFA-3B3CA9D90236\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:pc\\\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.1.0\", \"matchCriteriaId\": \"F090AA3D-E974-4983-854A-24825A574D81\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F08CDA0-9C53-4991-A5D4-86E9F4B0686B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.1.0.0\", \"matchCriteriaId\": \"A7C79B64-38A9-437C-B153-281D4ED8A547\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo ruta de b\\u00fasqueda no confiable permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. Esta vulnerabilidad afecta a NFC Port Software, versiones 5.5.0.6 y anteriores (para RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S); NFC Port Software, versiones 5.3.6.7 y anteriores (para RC-S320, RC-S310/J1C, RC-S310/ED4C); PC/SC Activator for Type B, versiones 1.2.1.0 y anteriores; SFCard Viewer 2, versiones 2.5.0.0 y anteriores; y NFC Net Installer, versiones 1.1.0.0 y anteriores.\"}]",
      "id": "CVE-2017-2286",
      "lastModified": "2024-11-21T03:23:12.800",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-08-02T16:29:00.597",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN16136413/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN16136413/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2286\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-08-02T16:29:00.597\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. Esta vulnerabilidad afecta a NFC Port Software, versiones 5.5.0.6 y anteriores (para RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S); NFC Port Software, versiones 5.3.6.7 y anteriores (para RC-S320, RC-S310/J1C, RC-S310/ED4C); PC/SC Activator for Type B, versiones 1.2.1.0 y anteriores; SFCard Viewer 2, versiones 2.5.0.0 y anteriores; y NFC Net Installer, versiones 1.1.0.0 y anteriores.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5.0.6\",\"matchCriteriaId\":\"58FF206E-61CB-41AE-A055-D17B9D4D3C3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DFE77A-E624-40C8-BB52-DC1BA2DCFE6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D736000-7095-4F5D-9EFA-3B3CA9D90236\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC30D968-0F24-41BF-A856-D3A9A9585A6E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC4E817B-B58D-4CF2-91EA-79A1C0C275E7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB37F739-30F5-416A-9231-1C1F65636A4D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s380\\\\/s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F5CB280-9536-4853-BDEE-AEB0EEF5F620\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.3.6.7\",\"matchCriteriaId\":\"6C391E1E-E1D8-4C91-A95D-047AAFD7455B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s310\\\\/ed4c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"187AE859-6A0F-4995-8171-D0464D570B27\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s310\\\\/j1c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74EB26-5AA7-44FA-9B42-1D93929C4F00\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D736000-7095-4F5D-9EFA-3B3CA9D90236\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:pc\\\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.1.0\",\"matchCriteriaId\":\"F090AA3D-E974-4983-854A-24825A574D81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F08CDA0-9C53-4991-A5D4-86E9F4B0686B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.1.0.0\",\"matchCriteriaId\":\"A7C79B64-38A9-437C-B153-281D4ED8A547\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN16136413/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/en/jp/JVN16136413/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2017-2286

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2286

Aliases

CVE-2017-2286

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2286",
    "description": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
    "id": "GSD-2017-2286"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2286"
      ],
      "details": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
      "id": "GSD-2017-2286",
      "modified": "2023-12-13T01:21:06.136165Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2286",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Version 5.5.0.6 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Version 5.3.6.7 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "PC/SC Activator for Type B",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Ver.1.2.1.0 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SFCard Viewer 2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Ver.2.5.0.0 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "NFC Net Installer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Ver.1.1.0.0 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Untrusted search path vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#16136413",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.5.0.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s380\\/s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.3.6.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/j1c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/ed4c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:pc\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2286"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#16136413",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-08-23T14:05Z",
      "publishedDate": "2017-08-02T16:29Z"
    }
  }
}

CNVD-2017-32542

Vulnerability from cnvd - Published: 2017-11-02

Title

多款Sony产品不可信搜索路径漏洞

Description

Sony NFC Port Software等都是日本索尼（Sony）公司的产品。Sony NFC Port Software是一套NFC接口软件。PC/SC Activator for Type B是一款Type B接口支持软件。多款Sony产品中存在不可信搜索路径漏洞。远程攻击者可借助目录下恶意的DLL利用该漏洞获取权限。

Severity

高

Patch Name

多款Sony产品不可信搜索路径漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sony.net/Products/felica/business/information/170725.html

Reference

https://jvn.jp/en/jp/JVN16136413/index.html

Impacted products

Name
['Sony NFC Port Software <=5.5.0.6', 'Sony NFC Port Software <=5.3.6.7', 'Sony PC/SC Activator for Type B <=Ver.1.2.1.0', 'Sony SFCard Viewer 2 <=Ver.2.5.0.0', 'Sony NFC Net Installer <vVer.1.1.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2286"
    }
  },
  "description": "Sony NFC Port Software\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Sony NFC Port Software\u662f\u4e00\u5957NFC\u63a5\u53e3\u8f6f\u4ef6\u3002PC/SC Activator for Type B\u662f\u4e00\u6b3eType B\u63a5\u53e3\u652f\u6301\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sony.net/Products/felica/business/information/170725.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32542",
  "openTime": "2017-11-02",
  "patchDescription": "Sony NFC Port Software\u7b49\u90fd\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Sony NFC Port Software\u662f\u4e00\u5957NFC\u63a5\u53e3\u8f6f\u4ef6\u3002PC/SC Activator for Type B\u662f\u4e00\u6b3eType B\u63a5\u53e3\u652f\u6301\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eSony\u4ea7\u54c1\u4e2d\u5b58\u5728\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u76ee\u5f55\u4e0b\u6076\u610f\u7684DLL\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSony\u4ea7\u54c1\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Sony NFC Port Software \u003c=5.5.0.6",
      "Sony NFC Port Software \u003c=5.3.6.7",
      "Sony PC/SC Activator for Type B \u003c=Ver.1.2.1.0",
      "Sony SFCard Viewer 2 \u003c=Ver.2.5.0.0",
      "Sony NFC Net Installer \u003cvVer.1.1.0.0"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN16136413/index.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-10-27",
  "title": "\u591a\u6b3eSony\u4ea7\u54c1\u4e0d\u53ef\u4fe1\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e"
}

GHSA-592G-2WX9-5J84

Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2286"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-02T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.",
  "id": "GHSA-592g-2wx9-5j84",
  "modified": "2022-05-17T01:58:19Z",
  "published": "2022-05-17T01:58:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2286"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201708-0799

Vulnerability from variot - Updated: 2023-12-18 13:29

Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0799",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sfcard viewer 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sony",
        "version": "2.5.0.0"
      },
      {
        "model": "nfc port",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "5.3.6.7"
      },
      {
        "model": "nfc net installer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "1.1.0.0"
      },
      {
        "model": "pc\\/sc activator for type b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "1.2.1.0"
      },
      {
        "model": "nfc port",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "5.5.0.6"
      },
      {
        "model": "nfc net installer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "ver.1.1.0.0"
      },
      {
        "model": "nfc port software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "version 5.3.6.7  products: rc-s320, rc-s310/j1c, rc-s310/ed4c"
      },
      {
        "model": "nfc port software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "version 5.5.0.6  products: rc-s310, rc-s320, rc-s330, rc-s370, rc-s380, rc-s380/s"
      },
      {
        "model": "pc/sc activator for type b",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "ver.1.2.1.0"
      },
      {
        "model": "sfcard viewer 2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "ver.2.5.0.0"
      },
      {
        "model": "nfc port",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "5.3.6.7"
      },
      {
        "model": "pc\\/sc activator for type b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "1.2.1.0"
      },
      {
        "model": "nfc net installer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "1.1.0.0"
      },
      {
        "model": "nfc port",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "5.5.0.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.5.0.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s380\\/s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.3.6.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/j1c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s310\\/ed4c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:pc\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      }
    ]
  },
  "cve": "CVE-2017-2286",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000189",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-110489",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000189",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2286",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000189",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-078",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110489",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2286",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVN16136413",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-110489",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "id": "VAR-201708-0799",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:29:11.305000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "New installer with security fixes for users of the USB NFC reader for Windows",
        "trust": 0.8,
        "url": "https://www.sony.net/products/felica/business/information/170725.html"
      },
      {
        "title": "Multiple Sony Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75599"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn16136413/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2286"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/ta/jvnta91240916/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2286"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "date": "2017-08-02T16:29:00.597000",
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110489"
      },
      {
        "date": "2018-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      },
      {
        "date": "2017-08-23T14:05:02.177000",
        "db": "NVD",
        "id": "CVE-2017-2286"
      },
      {
        "date": "2017-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000189"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-078"
      }
    ],
    "trust": 0.6
  }
}

JVNDB-2017-000189

Vulnerability from jvndb - Published: 2017-07-27 15:38 - Updated:2018-01-24 14:14

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries

Details

PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN16136413/index.html
	JVN	http://jvn.jp/en/ta/JVNTA91240916/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2286
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2286
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Sony Corporation	NFC net installer
	Sony Corporation	NFC Port Software (formerly FeliCa port software)
	Sony Corporation	PC/SC activator for Type B
	Sony Corporation	SFCard Viewer 2

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000189.html",
  "dc:date": "2018-01-24T14:14+09:00",
  "dcterms:issued": "2017-07-27T15:38+09:00",
  "dcterms:modified": "2018-01-24T14:14+09:00",
  "description": "PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000189.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sony:nfc_net_installer",
      "@product": "NFC net installer",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sony:nfc_port_software_%28formerly_felica_port_software%29",
      "@product": "NFC Port Software (formerly FeliCa port software)",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sony:pc%2Fsc_activator_for_type_b",
      "@product": "PC/SC activator for Type B",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sony:sfcard_viewer_2",
      "@product": "SFCard Viewer 2",
      "@vendor": "Sony Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000189",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN16136413/index.html",
      "@id": "JVN#16136413",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2286",
      "@id": "CVE-2017-2286",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2286",
      "@id": "CVE-2017-2286",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries"
}

FKIE_CVE-2017-2286

Vulnerability from fkie_nvd - Published: 2017-08-02 16:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN16136413/index.html	Third Party Advisory, VDB Entry
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN16136413/index.html	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
sony	nfc_port_firmware	*
sony	rc-s310	-
sony	rc-s320	-
sony	rc-s330	-
sony	rc-s370	-
sony	rc-s380	-
sony	rc-s380\/s	-
sony	nfc_port_firmware	*
sony	rc-s310\/ed4c	-
sony	rc-s310\/j1c	-
sony	rc-s320	-
sony	pc\/sc_activator_for_type_b	*
sony	sfcard_viewer_2	2.5.0.0
sony	nfc_net_installer	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58FF206E-61CB-41AE-A055-D17B9D4D3C3F",
              "versionEndIncluding": "5.5.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95DFE77A-E624-40C8-BB52-DC1BA2DCFE6D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D736000-7095-4F5D-9EFA-3B3CA9D90236",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC30D968-0F24-41BF-A856-D3A9A9585A6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4E817B-B58D-4CF2-91EA-79A1C0C275E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB37F739-30F5-416A-9231-1C1F65636A4D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s380\\/s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5CB280-9536-4853-BDEE-AEB0EEF5F620",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C391E1E-E1D8-4C91-A95D-047AAFD7455B",
              "versionEndIncluding": "5.3.6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:rc-s310\\/ed4c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "187AE859-6A0F-4995-8171-D0464D570B27",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s310\\/j1c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F74EB26-5AA7-44FA-9B42-1D93929C4F00",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D736000-7095-4F5D-9EFA-3B3CA9D90236",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:pc\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F090AA3D-E974-4983-854A-24825A574D81",
              "versionEndIncluding": "1.2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F08CDA0-9C53-4991-A5D4-86E9F4B0686B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C79B64-38A9-437C-B153-281D4ED8A547",
              "versionEndIncluding": "1.1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. Esta vulnerabilidad afecta a NFC Port Software, versiones 5.5.0.6 y anteriores (para RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S); NFC Port Software, versiones 5.3.6.7 y anteriores (para RC-S320, RC-S310/J1C, RC-S310/ED4C); PC/SC Activator for Type B, versiones 1.2.1.0 y anteriores; SFCard Viewer 2, versiones 2.5.0.0 y anteriores; y NFC Net Installer, versiones 1.1.0.0 y anteriores."
    }
  ],
  "id": "CVE-2017-2286",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-02T16:29:00.597",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN16136413/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2286 (GCVE-0-2017-2286)

GSD-2017-2286

CNVD-2017-32542

GHSA-592G-2WX9-5J84

VAR-201708-0799

JVNDB-2017-000189

FKIE_CVE-2017-2286

Tags

Sightings

Nomenclature