Vulnerability-Lookup

CVE-2019-5981 (GCVE-0-2019-5981)

Vulnerability from cvelistv5 – Published: 2019-07-05 13:20 – Updated: 2024-08-04 20:09

Summary

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

Severity

No CVSS data available.

CWE

Improper Authorization

Assigner

jpcert

References

2 references

URL	Tags
https://www.sony.com/electronics/support/articles…	x_refsource_MISC
https://jvn.jp/en/jp/JVN13555032/index.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Sony Corporation	VAIO Update	Affected: 7.3.0.03150 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:23.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sony.com/electronics/support/articles/00228777"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VAIO Update",
          "vendor": "Sony Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "7.3.0.03150 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-05T13:20:17.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sony.com/electronics/support/articles/00228777"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VAIO Update",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.3.0.03150 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sony Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sony.com/electronics/support/articles/00228777",
              "refsource": "MISC",
              "url": "https://www.sony.com/electronics/support/articles/00228777"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN13555032/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-5981",
    "datePublished": "2019-07-05T13:20:17.000Z",
    "dateReserved": "2019-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:09:23.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-5981",
      "date": "2026-05-29",
      "epss": "0.00217",
      "percentile": "0.44259"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sony:vaio_update:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3.0.03150\", \"matchCriteriaId\": \"DD07A709-9051-43BB-90D9-C78A72AD5BB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de autorizaci\\u00f3n inapropiada en VAIO Update versi\\u00f3n 7.3.0.03150 y anteriores, permite a los atacantes ejecutar archivos ejecutables arbitrarios con privilegios administrativos por medio de vectores no especificados.\"}]",
      "id": "CVE-2019-5981",
      "lastModified": "2024-11-21T04:45:50.937",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-07-05T14:15:12.857",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN13555032/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.sony.com/electronics/support/articles/00228777\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN13555032/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.sony.com/electronics/support/articles/00228777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-5981\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2019-07-05T14:15:12.857\",\"lastModified\":\"2024-11-21T04:45:50.937\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de autorizaci\u00f3n inapropiada en VAIO Update versi\u00f3n 7.3.0.03150 y anteriores, permite a los atacantes ejecutar archivos ejecutables arbitrarios con privilegios administrativos por medio de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sony:vaio_update:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.0.03150\",\"matchCriteriaId\":\"DD07A709-9051-43BB-90D9-C78A72AD5BB9\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN13555032/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.sony.com/electronics/support/articles/00228777\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN13555032/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.sony.com/electronics/support/articles/00228777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2019-42742

Vulnerability from cnvd - Published: 2019-11-28

Title

Sony VAIO Update授权问题漏洞

Description

Sony VAIO Update是日本索尼（Sony）公司的一款Sony VAIO电脑中预置的系统更新工具。 Sony VAIO Update 7.3.0.03150及之前版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。攻击者可利用该漏洞通过未指定的媒介以管理特权执行任意可执行文件。

Severity

中

Patch Name

Sony VAIO Update授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sony.com/electronics/support/articles/00228777

Reference

https://www.sony.com/electronics/support/articles/00228777

Impacted products

Name
Sony Sony VAIO Update <=7.3.0.03150

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5981",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5981"
    }
  },
  "description": "Sony VAIO Update\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4e00\u6b3eSony VAIO\u7535\u8111\u4e2d\u9884\u7f6e\u7684\u7cfb\u7edf\u66f4\u65b0\u5de5\u5177\u3002\n\nSony VAIO Update 7.3.0.03150\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u5a92\u4ecb\u4ee5\u7ba1\u7406\u7279\u6743\u6267\u884c\u4efb\u610f\u53ef\u6267\u884c\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sony.com/electronics/support/articles/00228777",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42742",
  "openTime": "2019-11-28",
  "patchDescription": "Sony VAIO Update\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4e00\u6b3eSony VAIO\u7535\u8111\u4e2d\u9884\u7f6e\u7684\u7cfb\u7edf\u66f4\u65b0\u5de5\u5177\u3002\r\n\r\nSony VAIO Update 7.3.0.03150\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u5a92\u4ecb\u4ee5\u7ba1\u7406\u7279\u6743\u6267\u884c\u4efb\u610f\u53ef\u6267\u884c\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sony VAIO Update\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sony Sony VAIO Update \u003c=7.3.0.03150"
  },
  "referenceLink": "https://www.sony.com/electronics/support/articles/00228777",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-25",
  "title": "Sony VAIO Update\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2019-5981

Vulnerability from fkie_nvd - Published: 2019-07-05 14:15 - Updated: 2024-11-21 04:45

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN13555032/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.sony.com/electronics/support/articles/00228777	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN13555032/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sony.com/electronics/support/articles/00228777	Vendor Advisory

Impacted products

	Vendor	Product	Version
	sony	vaio_update	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sony:vaio_update:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD07A709-9051-43BB-90D9-C78A72AD5BB9",
              "versionEndIncluding": "7.3.0.03150",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en VAIO Update versi\u00f3n 7.3.0.03150 y anteriores, permite a los atacantes ejecutar archivos ejecutables arbitrarios con privilegios administrativos por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2019-5981",
  "lastModified": "2024-11-21T04:45:50.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-05T14:15:12.857",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.com/electronics/support/articles/00228777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sony.com/electronics/support/articles/00228777"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GF4M-284G-PPR8

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-05-24 16:49

Details

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-5981"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-05T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.",
  "id": "GHSA-gf4m-284g-ppr8",
  "modified": "2022-05-24T16:49:39Z",
  "published": "2022-05-24T16:49:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5981"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.sony.com/electronics/support/articles/00228777"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-5981

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

Aliases

CVE-2019-5981

Aliases

CVE-2019-5981

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-5981",
    "description": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.",
    "id": "GSD-2019-5981"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-5981"
      ],
      "details": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.",
      "id": "GSD-2019-5981",
      "modified": "2023-12-13T01:23:56.622976Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-5981",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "VAIO Update",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.3.0.03150 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.sony.com/electronics/support/articles/00228777",
            "refsource": "MISC",
            "url": "https://www.sony.com/electronics/support/articles/00228777"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN13555032/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sony:vaio_update:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.0.03150",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-5981"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN13555032/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN13555032/index.html"
            },
            {
              "name": "https://www.sony.com/electronics/support/articles/00228777",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sony.com/electronics/support/articles/00228777"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-07-05T14:15Z"
    }
  }
}

JVNDB-2019-000040

Vulnerability from jvndb - Published: 2019-06-21 14:22 - Updated:2019-10-01 11:12

Severity

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in VAIO Update

Details

VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below. *Improper authorization process (CWE-285) - CVE-2019-5981 *Improper verification of download file (CWE-669) - CVE-2019-5982 Device Security reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN13555032/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5981
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5982
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5981
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-5982
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Sony Corporation

VAIO Update

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000040.html",
  "dc:date": "2019-10-01T11:12+09:00",
  "dcterms:issued": "2019-06-21T14:22+09:00",
  "dcterms:modified": "2019-10-01T11:12+09:00",
  "description": "VAIO Update provided by Sony Corporation contains multiple vulnerabilities listed below.\r\n\r\n*Improper authorization process (CWE-285) - CVE-2019-5981\r\n*Improper verification of download file (CWE-669) - CVE-2019-5982\r\n\r\nDevice Security reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000040.html",
  "sec:cpe": {
    "#text": "cpe:/a:sony:vaio_update",
    "@product": "VAIO Update",
    "@vendor": "Sony Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000040",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN13555032/index.html",
      "@id": "JVN#13555032",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5981",
      "@id": "CVE-2019-5981",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5982",
      "@id": "CVE-2019-5982",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5981",
      "@id": "CVE-2019-5981",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5982",
      "@id": "CVE-2019-5982",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in VAIO Update"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-5981 (GCVE-0-2019-5981)

CNVD-2019-42742

FKIE_CVE-2019-5981

GHSA-GF4M-284G-PPR8

GSD-2019-5981

JVNDB-2019-000040

Tags

Sightings

Nomenclature