CVE-2020-7360
HIGHPhilips SmartControl < 4.3.15 - Authenticated Privilege Escalation via DLL Search Path Hijacking
Title source: llmDescription
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/
Scores
CVSS v3
7.4
EPSS
0.0049
EPSS Percentile
38.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Details
CWE
CWE-427
Status
published
Products (1)
philips/smartcontrol
< 4.3.15
Published
Aug 13, 2020
Tracked Since
Feb 18, 2026