CVE-2020-15722 - Vulnerability Details

Vendors	Products
360totalsecurity	360 Total Security

Link	Providers
https://security.360.cn/News/news/id/232

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "360 Total Security", "vendor": "n/a", "versions": [{"status": "affected", "version": "12.1.0.1004"}]}], "descriptions": [{"lang": "en", "value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."}], "problemTypes": [{"descriptions": [{"description": "local privilege escalation vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-21T17:10:21", "orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754", "shortName": "360ST"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.360.cn/News/news/id/232"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@360.cn", "ID": "CVE-2020-15722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "360 Total Security", "version": {"version_data": [{"version_value": "12.1.0.1004"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "local privilege escalation vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://security.360.cn/News/news/id/232", "refsource": "MISC", "url": "https://security.360.cn/News/news/id/232"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:30.838Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.360.cn/News/news/id/232"}]}]}, "cveMetadata": {"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754", "assignerShortName": "360ST", "cveId": "CVE-2020-15722", "datePublished": "2020-07-21T17:10:21", "dateReserved": "2020-07-14T00:00:00", "dateUpdated": "2024-08-04T13:22:30.838Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : 360 Total Security (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 12.1.0.1004 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : local privilege escalation vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-07-21T17:10:21 (string)

orgId : 40f8fa2f-7875-43d0-a30e-e901a5537754 (string)

shortName : 360ST (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://security.360.cn/News/news/id/232 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@360.cn (string)

ID : CVE-2020-15722 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : 360 Total Security (string)

version : { »

version_data : [ »

0 : { »

version_value : 12.1.0.1004 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : local privilege escalation vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://security.360.cn/News/news/id/232 (string)

refsource : MISC (string)

url : https://security.360.cn/News/news/id/232 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T13:22:30.838Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://security.360.cn/News/news/id/232 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 40f8fa2f-7875-43d0-a30e-e901a5537754 (string)

assignerShortName : 360ST (string)

cveId : CVE-2020-15722 (string)

datePublished : 2020-07-21T17:10:21 (string)

dateReserved : 2020-07-14T00:00:00 (string)

dateUpdated : 2024-08-04T13:22:30.838Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D275F40A-818B-4D1A-955A-7A9CBB49CDA0", "versionEndIncluding": "12.1.0.1004", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."}, {"lang": "es", "value": "En 360 ??Total Security versi\u00f3n 12.1.0.1004 y por debajo, cuando TPI llama al proceso del navegador, se presenta una vulnerabilidad de escalada de privilegios local. Un atacante que podr\u00eda explotar el secuestro de DLL podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema local"}], "id": "CVE-2020-15722", "lastModified": "2024-11-21T05:06:06.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-21T18:15:20.007", "references": [{"source": "security@360.cn", "tags": ["Vendor Advisory"], "url": "https://security.360.cn/News/news/id/232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.360.cn/News/news/id/232"}], "sourceIdentifier": "security@360.cn", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:360totalsecurity:360_total_security:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D275F40A-818B-4D1A-955A-7A9CBB49CDA0 (string)

versionEndIncluding : 12.1.0.1004 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. (string)

}

1 : { »

lang : es (string)

value : En 360 ??Total Security versión 12.1.0.1004 y por debajo, cuando TPI llama al proceso del navegador, se presenta una vulnerabilidad de escalada de privilegios local. Un atacante que podría explotar el secuestro de DLL podría ejecutar código arbitrario en el sistema local (string)

}

]

id : CVE-2020-15722 (string)

lastModified : 2024-11-21T05:06:06.400 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 6.9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-07-21T18:15:20.007 (string)

references : [ »

0 : { »

source : security@360.cn (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.360.cn/News/news/id/232 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.360.cn/News/news/id/232 (string)

}

]

sourceIdentifier : security@360.cn (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object