CVE-2019-5982

Published: Jul 5, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.

Affected (1)

Products: Sony: Vaio Update

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sony Vaio Update	Up to 7.3.0.03150

Related CWEs

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (4)

https://jvn.jp/en/jp/JVN13555032/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.sony.com/electronics/support/articles/00228777

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN13555032/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.sony.com/electronics/support/articles/00228777

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.