CVE-2020-7279

EUVD-2020-28406
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
trellixCNA
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
mcafeehost_intrusion_prevention
8.0.0
mcafeehost_intrusion_prevention
8.0.0:p1
mcafeehost_intrusion_prevention
8.0.0:p10
mcafeehost_intrusion_prevention
8.0.0:p11
mcafeehost_intrusion_prevention
8.0.0:p12
mcafeehost_intrusion_prevention
8.0.0:p13
mcafeehost_intrusion_prevention
8.0.0:p14
mcafeehost_intrusion_prevention
8.0.0:p15
mcafeehost_intrusion_prevention
8.0.0:p2
mcafeehost_intrusion_prevention
8.0.0:p3
mcafeehost_intrusion_prevention
8.0.0:p4
mcafeehost_intrusion_prevention
8.0.0:p5
mcafeehost_intrusion_prevention
8.0.0:p6
mcafeehost_intrusion_prevention
8.0.0:p7
mcafeehost_intrusion_prevention
8.0.0:p8
mcafeehost_intrusion_prevention
8.0.0:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10320
https://kc.mcafee.com/corporate/index?page=content&id=SB10320