CVE-2020-7279

Published Jun 10, 2020

Last updated a year ago

CVSS high 7.8

Overview

Description: DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
Source: trellixpsirt@trellix.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-426
trellixpsirt@trellix.com: CWE-426

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:-:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D29F5F35-ED8B-4163-B51A-3A6ED8D34AF0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p1:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "812EFDC0-EC1C-484D-8F00-33DE2FD05877"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p10:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF8F5CAC-AB88-4F6C-833C-D67A7F3F0AD4"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p11:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "813020FB-4321-4ED1-BCDB-703E27593279"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p12:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1FF1226-355B-44C1-BBED-487CF5983D00"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p13:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1B6BAE8-8F23-4CEC-B6A4-83013A68DE5A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p14:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB126816-CC02-42C4-A989-F1851CC61897"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p15:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C726287-2376-4DF4-9D0C-DE48E2817DA9"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p2:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88D2074F-ACDD-439C-8510-D1CC71B75964"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p3:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40400B28-8CE4-4C25-84A4-0F7A75E6BBED"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p4:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6376B5-5495-4667-9DB7-8AB8C82D3A22"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p5:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D61448FA-F1FA-459F-844D-F2939CFF68EB"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p6:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4087786-B1F1-41B5-B9A6-CD74FA29A3C8"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p7:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA8CEC96-498C-4FA4-8DE2-1157341DF630"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p8:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFC44C55-8C5D-49A8-8FE3-4976CD73D18C"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:host_intrusion_prevention:8.0.0:p9:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EC11722-2265-4E0E-9B16-1692B03B5850"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References