CVE-2020-37058

Summary

Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during service startup.

Affected Software

VendorProductVersion RangeStatus
Andrea ElectronicsAndrea ST Filters Service1.0.64.7affected

Weaknesses

  • CWE-428: Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References