← Voltar para CVEs
CVE-2020-7360
HIGH7.4
Descricao
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Detalhes CVE
Pontuacao CVSS v3.17.4
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioREQUIRED
Publicado8/13/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
philips:smartcontrol
Fraquezas (CWE)
CWE-427CWE-427
Referencias
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(cve@rapid7.com)
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.