CVE-2020-7360: Philips SmartControl DLL Hijacking
First published: Thu Aug 13 2020(Updated: )
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Smartcontrol | <=4.3.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SmartControl vulnerability?
The vulnerability ID for this SmartControl vulnerability is CVE-2020-7360.
What is the severity of CVE-2020-7360?
CVE-2020-7360 has a severity rating of 7.3 (high).
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-427.
How does CVE-2020-7360 affect the SmartControl software?
CVE-2020-7360 allows an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path, affecting SmartControl version 4.3.15 and versions released before April 15, 2020.
How can I fix CVE-2020-7360?
To fix CVE-2020-7360, users should update to version 1.0.7 or later of SmartControl, which includes the necessary fix.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/philips
- canonical/philips smartcontrol
- version/philips smartcontrol/4.3.15