CVE-2020-15722: 
360 Total Security vulnerability analysis and mitigation

In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. The vulnerability was discovered between May and June 2020 by a security researcher known as 'Windows no bugs' and was assigned CVE-2020-15722 (360 Security).

The vulnerability is classified as a DLL hijacking issue that allows an attacker to execute arbitrary code on the Local system. The vulnerability has a CVSS v3.1 Base Score of 7.8 (High), with the following metrics: Attack Vector: Local, Attack Complexity: Low, Privileges Required: None, User Interaction: Required, Scope: Unchanged, and Impact scores for Confidentiality, Integrity, and Availability all rated as High (AttackerKB).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system with elevated privileges. The impact is significant as it affects all three security properties (Confidentiality, Integrity, and Availability) with high severity (AttackerKB).

The vulnerability has been patched by 360 Security. Users should upgrade their 360 Total Security to a version newer than 12.1.0.1004 to mitigate this vulnerability. As of the disclosure date, no information leakage or losses were reported due to this vulnerability (360 Security).

The vendor, 360 Security, acknowledged the vulnerability and awarded the researcher a bounty of 2,100 USD for the discovery. The vulnerability was part of a series of security issues reported by the same researcher, demonstrating the vendor's commitment to addressing security concerns through their bug bounty program (360 Security).