CVE-2019-5982

HIGH

Sony Vaio Update < 7.3.0.03150 - Download Without Integrity Check

Title source: rule

Description

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.

References (2)

[Vendor Advisory] https://www.sony.com/electronics/support/articles/00228777

[Third Party Advisory] https://jvn.jp/en/jp/JVN13555032/index.html

Scores

CVSS v3 7.5

EPSS 0.0012

EPSS Percentile 30.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

sony/vaio_update < 7.3.0.03150

Published Jul 05, 2019

Tracked Since Feb 18, 2026