CVE-2020-7279

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 61.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee, LLC Mcafee Host Intrusion Prevention System (host Ips) FOR Windows Mcafee Host Intrusion Prevention

Timeline

PublishedJun 10

Latest updateMay 24

Description

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:NExploitability: 0.3 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5mcafee,_llc/mcafee_host_intrusion_prevention_system_(host_ips)_for_windows8.0.x — 8.0.0 Patch 15 update

▶NVDmcafee/host_intrusion_prevention8.0.0

🔴Vulnerability Details

GHSA

GHSA-p29m-rh76-2857: DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8↗2022-05-24

▶

CVEList

DLL search order hijacking in Host IPS↗2020-06-10

▶