CVE-2017-2286

Published Aug 2, 2017

Last updated 7 years ago

CVSS high 7.8

Overview

Description: Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-427

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sony:rc-s310:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95DFE77A-E624-40C8-BB52-DC1BA2DCFE6D"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D736000-7095-4F5D-9EFA-3B3CA9D90236"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s330:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AC30D968-0F24-41BF-A856-D3A9A9585A6E"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s370:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AC4E817B-B58D-4CF2-91EA-79A1C0C275E7"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s380:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB37F739-30F5-416A-9231-1C1F65636A4D"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s380\\/s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F5CB280-9536-4853-BDEE-AEB0EEF5F620"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58FF206E-61CB-41AE-A055-D17B9D4D3C3F",
            "versionEndIncluding": "5.5.0.6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sony:rc-s310\\/ed4c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "187AE859-6A0F-4995-8171-D0464D570B27"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s310\\/j1c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1F74EB26-5AA7-44FA-9B42-1D93929C4F00"
          },
          {
            "criteria": "cpe:2.3:h:sony:rc-s320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D736000-7095-4F5D-9EFA-3B3CA9D90236"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sony:nfc_port_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C391E1E-E1D8-4C91-A95D-047AAFD7455B",
            "versionEndIncluding": "5.3.6.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sony:pc\\/sc_activator_for_type_b:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F090AA3D-E974-4983-854A-24825A574D81",
            "versionEndIncluding": "1.2.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sony:sfcard_viewer_2:2.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F08CDA0-9C53-4991-A5D4-86E9F4B0686B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sony:nfc_net_installer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7C79B64-38A9-437C-B153-281D4ED8A547",
            "versionEndIncluding": "1.1.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References