CVE-2020-15723 : Security Advisory and Response
Discover the impact of CVE-2020-15723 on 360 Total Security. Learn about the local privilege escalation vulnerability in version 12.1.0.1004 and below, allowing attackers to execute arbitrary code.
360 Total Security version 12.1.0.1004 and below contain a local privilege escalation vulnerability when the main process calls GameChrome.exe, allowing attackers to execute arbitrary code on the local system.
Understanding CVE-2020-15723
In this CVE, a specific version of 360 Total Security is susceptible to a local privilege escalation vulnerability.
What is CVE-2020-15723?
This CVE refers to a security flaw in 360 Total Security version 12.1.0.1004 and earlier, enabling attackers to escalate privileges locally.
The Impact of CVE-2020-15723
The vulnerability allows attackers to execute arbitrary code on the local system by exploiting DLL hijacking to bypass the hips.
Technical Details of CVE-2020-15723
360 Total Security version 12.1.0.1004 and below are affected by this vulnerability.
Vulnerability Description
The main process of 360 Total Security calling GameChrome.exe triggers a local privilege escalation vulnerability.
Affected Systems and Versions
- Product: 360 Total Security
- Version: 12.1.0.1004
Exploitation Mechanism
Attackers can exploit DLL hijacking to bypass the hips and execute arbitrary code on the local system.
Mitigation and Prevention
To address CVE-2020-15723, follow these steps:
Immediate Steps to Take
- Update 360 Total Security to a patched version.
- Monitor for any suspicious activities on the system.
Long-Term Security Practices
- Regularly update all software and applications to prevent vulnerabilities.
- Implement least privilege access to limit potential damage from exploits.
Patching and Updates
- Apply security patches provided by 360 Total Security promptly to mitigate the vulnerability.