← Back to CVEs
CVE-2020-7360
HIGH7.4
Description
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVE Details
CVSS v3.1 Score7.4
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published8/13/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
philips:smartcontrol
Weaknesses (CWE)
CWE-427CWE-427
References
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(cve@rapid7.com)
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.