CVE-2020-7279

EPSS 0.03%
Veröffentlicht 10.06.2020 12:15:11
Zuletzt bearbeitet 21.11.2024 05:36:58
Quelle trellixpsirt@trellix.com
Teams Watchlist Login
Unerledigt Login

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Update- SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep1 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep10 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep11 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep12 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep13 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep14 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep15 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep2 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep3 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep4 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep5 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep6 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep7 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep8 SwPlatformwindows

Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep9 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.089

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
trellixpsirt@trellix.com	4.6	0.3	4.2	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://kc.mcafee.com/corporate/index?page=content&id=SB10320

https://nvd.nist.gov/vuln/detail/CVE-2020-7279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7279

EUVD