7.8
CVE-2020-7279
- EPSS 0.03%
- Published 10.06.2020 12:15:11
- Last modified 21.11.2024 05:36:58
- Source trellixpsirt@trellix.com
- Teams watchlist Login
- Open Login
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
Data is provided by the National Vulnerability Database (NVD)
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Update- SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep1 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep10 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep11 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep12 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep13 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep14 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep15 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep2 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep3 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep4 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep5 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep6 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep7 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep8 SwPlatformwindows
Mcafee ≫ Host Intrusion Prevention Version8.0.0 Updatep9 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.089 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| trellixpsirt@trellix.com | 4.6 | 0.3 | 4.2 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.