cvelist | Rapid7 | CVELIST:CVE-2020-7360
History: Aug 06, 2020 - 12:00 a.m.

CVE-2020-7360 Philips SmartControl DLL Hijacking

2020-08-06 00:00:00
CWE-427
rapid7
www.cve.org

CVSS3: 7.4 High

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

EPSS: 0.001 Low
Percentile: 20.2%

An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)

CNA Affected

[
  {
    "product": "SmartControl",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.15"
      },
      {
        "status": "unaffected",
        "version": "1.0.7"
      }
    ]
  }
]
