cnvd - cnvd-2019-42742

cnvd-2019-42742

Vulnerability from cnvd

Title

Sony VAIO Update授权问题漏洞

Description

Sony VAIO Update是日本索尼（Sony）公司的一款Sony VAIO电脑中预置的系统更新工具。 Sony VAIO Update 7.3.0.03150及之前版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。攻击者可利用该漏洞通过未指定的媒介以管理特权执行任意可执行文件。

Severity

中

Patch Name

Sony VAIO Update授权问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.sony.com/electronics/support/articles/00228777

Reference

https://www.sony.com/electronics/support/articles/00228777

Impacted products

Name
Sony Sony VAIO Update <=7.3.0.03150

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5981",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-5981"
    }
  },
  "description": "Sony VAIO Update\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4e00\u6b3eSony VAIO\u7535\u8111\u4e2d\u9884\u7f6e\u7684\u7cfb\u7edf\u66f4\u65b0\u5de5\u5177\u3002\n\nSony VAIO Update 7.3.0.03150\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u5a92\u4ecb\u4ee5\u7ba1\u7406\u7279\u6743\u6267\u884c\u4efb\u610f\u53ef\u6267\u884c\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.sony.com/electronics/support/articles/00228777",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42742",
  "openTime": "2019-11-28",
  "patchDescription": "Sony VAIO Update\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4e00\u6b3eSony VAIO\u7535\u8111\u4e2d\u9884\u7f6e\u7684\u7cfb\u7edf\u66f4\u65b0\u5de5\u5177\u3002\r\n\r\nSony VAIO Update 7.3.0.03150\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u63aa\u65bd\u6216\u8eab\u4efd\u9a8c\u8bc1\u5f3a\u5ea6\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672a\u6307\u5b9a\u7684\u5a92\u4ecb\u4ee5\u7ba1\u7406\u7279\u6743\u6267\u884c\u4efb\u610f\u53ef\u6267\u884c\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sony VAIO Update\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sony Sony VAIO Update \u003c=7.3.0.03150"
  },
  "referenceLink": "https://www.sony.com/electronics/support/articles/00228777",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-25",
  "title": "Sony VAIO Update\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2019-5981 (GCVE-0-2019-5981)

Vulnerability from cvelistv5

Published

2019-07-05 13:20

Modified

2024-08-04 20:09

Severity ?

CWE

Improper Authorization

Summary

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.

References

URL

Tags

	https://www.sony.com/electronics/support/articles/00228777	x_refsource_MISC
	https://jvn.jp/en/jp/JVN13555032/index.html	x_refsource_MISC