← Zuruck zu CVEs
CVE-2020-7360
HIGH7.4
Beschreibung
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVE Details
CVSS v3.1 Bewertung7.4
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
AngriffsvektorLOCAL
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht8/13/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
philips:smartcontrol
Schwachen (CWE)
CWE-427CWE-427
Referenzen
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(cve@rapid7.com)
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.