← Volver a CVEs
CVE-2020-7360
HIGH7.4
Descripcion
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Detalles CVE
Puntuacion CVSS v3.17.4
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado8/13/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
philips:smartcontrol
Debilidades (CWE)
CWE-427CWE-427
Referencias
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(cve@rapid7.com)
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.