← Retour aux CVEs
CVE-2020-7360
HIGH7.4
Description
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Details CVE
Score CVSS v3.17.4
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vecteur d'attaqueLOCAL
ComplexiteHIGH
Privileges requisLOW
Interaction utilisateurREQUIRED
Publie8/13/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
philips:smartcontrol
Faiblesses (CWE)
CWE-427CWE-427
References
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(cve@rapid7.com)
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.