CVE-2020-7279

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
trellixCNA
4.6 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
mcafeehost_intrusion_prevention
8.0.0
mcafeehost_intrusion_prevention
8.0.0:p1
mcafeehost_intrusion_prevention
8.0.0:p10
mcafeehost_intrusion_prevention
8.0.0:p11
mcafeehost_intrusion_prevention
8.0.0:p12
mcafeehost_intrusion_prevention
8.0.0:p13
mcafeehost_intrusion_prevention
8.0.0:p14
mcafeehost_intrusion_prevention
8.0.0:p15
mcafeehost_intrusion_prevention
8.0.0:p2
mcafeehost_intrusion_prevention
8.0.0:p3
mcafeehost_intrusion_prevention
8.0.0:p4
mcafeehost_intrusion_prevention
8.0.0:p5
mcafeehost_intrusion_prevention
8.0.0:p6
mcafeehost_intrusion_prevention
8.0.0:p7
mcafeehost_intrusion_prevention
8.0.0:p8
mcafeehost_intrusion_prevention
8.0.0:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10320
https://kc.mcafee.com/corporate/index?page=content&id=SB10320