CVE-2017-20218
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Serviio | Serviio PRO | 1.8.0.0 PRO | affected |
| Serviio | Serviio PRO | 1.7.1 | affected |
| Serviio | Serviio PRO | 1.7.0 | affected |
| Serviio | Serviio PRO | 1.6.1 | affected |
Weaknesses
- CWE-428: Unquoted Search Path or Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php
- https://blogs.securiteam.com/index.php/archives/3094
- https://www.exploit-db.com/exploits/41959/
- https://packetstormsecurity.com/files/142384
- https://cxsecurity.com/issue/WLB-2017050019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125644
- https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.