PT-2020-19521 · Mcafee · Mcafee Host Intrusion Prevention System

Published

2020-06-10

Updated

2022-06-02

CVE-2020-7279

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions McAfee Host Intrusion Prevention System (Host IPS) for Windows versions prior to 8.0.0 Patch 15 Update

Description The issue allows attackers with local access to execute arbitrary code via execution from a compromised folder. This is due to a DLL Search Order Hijacking Vulnerability in the installer component.

Recommendations For versions prior to 8.0.0 Patch 15 Update, update to 8.0.0 Patch 15 Update or later to resolve the issue. As a temporary workaround, consider restricting access to compromised folders to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2020-7279

Affected Products

Mcafee Host Intrusion Prevention System

PT-2020-19521 · Mcafee · Mcafee Host Intrusion Prevention System

CVE-2020-7279

Weakness Enumeration

Related Identifiers

Affected Products

References · 4