An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://blog.vonahi.io/when-the-path-to-system-is-wide-open/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: rapid7
Published: 2020-08-13T19:05:15.783973Z
Updated: 2024-09-17T01:21:03.461Z
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7360
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-08-13T19:15:14.113
Modified: 2020-08-19T21:26:02.727
Link: CVE-2020-7360
Redhat
No data.