Sign-up

ID

VAR-202008-1013


CVE

CVE-2020-7360


TITLE

SmartControl Vulnerability in uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009472

DESCRIPTION

An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.). SmartControl There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. A code issue vulnerability exists in Philips SmartControl version 4.3.15 and versions earlier than 2020-4-15. An attacker can exploit this vulnerability to elevate privileges with a specially crafted DLL file

Trust: 1.71

sources: NVD: CVE-2020-7360 // JVNDB: JVNDB-2020-009472 // VULHUB: VHN-185485

AFFECTED PRODUCTS

vendor:philipsmodel:smartcontrolscope:lteversion:4.3.15

Trust: 1.0

vendor:philipsmodel:smartcontrolscope:eqversion:2020/4/15 にリリースされたバージョン

Trust: 0.8

vendor:philipsmodel:smartcontrolscope:eqversion:4.3.15

Trust: 0.8

sources: JVNDB: JVNDB-2020-009472 // NVD: CVE-2020-7360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7360
value: HIGH

Trust: 1.0

cve@rapid7.com: CVE-2020-7360
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009472
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-764
value: HIGH

Trust: 0.6

VULHUB: VHN-185485
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7360
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009472
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-185485
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7360
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@rapid7.com: CVE-2020-7360
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009472
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185485 // JVNDB: JVNDB-2020-009472 // CNNVD: CNNVD-202008-764 // NVD: CVE-2020-7360 // NVD: CVE-2020-7360

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-185485 // JVNDB: JVNDB-2020-009472 // NVD: CVE-2020-7360

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-764

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009472

PATCH
title:Curved LCD monitor with Ultra Wide-Colorurl:https://www.philips.co.uk/c-p/248E9QHSB_00/curved-lcd-monitor-with-ultra-wide-color/support
Trust: 0.8
title:Philips SmartControl Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126417
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009472 // 
            
            
            
            CNNVD: CNNVD-202008-764

EXTERNAL IDS
db:NVDid:CVE-2020-7360
Trust: 2.5
db:JVNDBid:JVNDB-2020-009472
Trust: 0.8
db:CNNVDid:CNNVD-202008-764
Trust: 0.7
db:VULHUBid:VHN-185485
Trust: 0.1
sources:
            
            
            VULHUB: VHN-185485 // 
            
            
            
            JVNDB: JVNDB-2020-009472 // 
            
            
            
            CNNVD: CNNVD-202008-764 // 
            
            
            
            NVD: CVE-2020-7360

REFERENCES
url:https://blog.vonahi.io/when-the-path-to-system-is-wide-open/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-7360
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7360
Trust: 0.8
sources:
            
            
            VULHUB: VHN-185485 // 
            
            
            
            JVNDB: JVNDB-2020-009472 // 
            
            
            
            CNNVD: CNNVD-202008-764 // 
            
            
            
            NVD: CVE-2020-7360

SOURCES
db:VULHUBid:VHN-185485
db:JVNDBid:JVNDB-2020-009472
db:CNNVDid:CNNVD-202008-764
db:NVDid:CVE-2020-7360

LAST UPDATE DATE
2024-11-23T22:44:27.385000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-185485date:2020-08-19T00:00:00
db:JVNDBid:JVNDB-2020-009472date:2020-11-09T07:13:44
db:CNNVDid:CNNVD-202008-764date:2021-01-05T00:00:00
db:NVDid:CVE-2020-7360date:2024-11-21T05:37:06.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-185485date:2020-08-13T00:00:00
db:JVNDBid:JVNDB-2020-009472date:2020-11-09T07:13:44
db:CNNVDid:CNNVD-202008-764date:2020-08-13T00:00:00
db:NVDid:CVE-2020-7360date:2020-08-13T19:15:14.113