var-201708-0799
Vulnerability from variot
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0799",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sfcard viewer 2",
"scope": "eq",
"trust": 1.6,
"vendor": "sony",
"version": "2.5.0.0"
},
{
"model": "nfc port",
"scope": "lte",
"trust": 1.0,
"vendor": "sony",
"version": "5.5.0.6"
},
{
"model": "nfc net installer",
"scope": "lte",
"trust": 1.0,
"vendor": "sony",
"version": "1.1.0.0"
},
{
"model": "pc\\/sc activator for type b",
"scope": "lte",
"trust": 1.0,
"vendor": "sony",
"version": "1.2.1.0"
},
{
"model": "nfc port",
"scope": "lte",
"trust": 1.0,
"vendor": "sony",
"version": "5.3.6.7"
},
{
"model": "nfc net installer",
"scope": "lte",
"trust": 0.8,
"vendor": "sony",
"version": "ver.1.1.0.0"
},
{
"model": "nfc port software",
"scope": "lte",
"trust": 0.8,
"vendor": "sony",
"version": "version 5.3.6.7 products: rc-s320, rc-s310/j1c, rc-s310/ed4c"
},
{
"model": "nfc port software",
"scope": "lte",
"trust": 0.8,
"vendor": "sony",
"version": "version 5.5.0.6 products: rc-s310, rc-s320, rc-s330, rc-s370, rc-s380, rc-s380/s"
},
{
"model": "pc/sc activator for type b",
"scope": "lte",
"trust": 0.8,
"vendor": "sony",
"version": "ver.1.2.1.0"
},
{
"model": "sfcard viewer 2",
"scope": "lte",
"trust": 0.8,
"vendor": "sony",
"version": "ver.2.5.0.0"
},
{
"model": "nfc port",
"scope": "eq",
"trust": 0.6,
"vendor": "sony",
"version": "5.3.6.7"
},
{
"model": "pc\\/sc activator for type b",
"scope": "eq",
"trust": 0.6,
"vendor": "sony",
"version": "1.2.1.0"
},
{
"model": "nfc net installer",
"scope": "eq",
"trust": 0.6,
"vendor": "sony",
"version": "1.1.0.0"
},
{
"model": "nfc port",
"scope": "eq",
"trust": 0.6,
"vendor": "sony",
"version": "5.5.0.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sony:nfc_net_installer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sony:nfc_port_software_%28formerly_felica_port_software%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sony:pc%2Fsc_activator_for_type_b",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sony:sfcard_viewer_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
}
]
},
"cve": "CVE-2017-2286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000189",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-110489",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-2286",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000189",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2286",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000189",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-078",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110489",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110489"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. PaSoRi provided by Sony Corporation is contactless IC card reader/writer. Installers of PaSoRi driver and other related software for Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Sony NFC Port Software, etc. are all products of Sony Corporation of Japan. Sony NFC Port Software is a set of NFC interface software. PC/SC Activator for Type B is a Type B interface support software. An untrusted search path vulnerability exists in several Sony products. A remote attacker can exploit this vulnerability to obtain permissions with the help of malicious DLLs in the directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "VULHUB",
"id": "VHN-110489"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2286",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN16136413",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-110489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110489"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"id": "VAR-201708-0799",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110489"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:12:24.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "New installer with security fixes for users of the USB NFC reader for Windows",
"trust": 0.8,
"url": "https://www.sony.net/Products/felica/business/information/170725.html"
},
{
"title": "Multiple Sony Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75599"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110489"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn16136413/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2286"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/ta/jvnta91240916/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2286"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110489"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110489"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110489"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"date": "2017-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"date": "2017-08-02T16:29:00.597000",
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-110489"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000189"
},
{
"date": "2017-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-078"
},
{
"date": "2024-11-21T03:23:12.800000",
"db": "NVD",
"id": "CVE-2017-2286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Installers of Sony PaSoRi related software may insecurely load Dynamic Link Libraries",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000189"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-078"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…