CVE-2024-58288

Summary

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

Affected Software

VendorProductVersion RangeStatus
GenexusGenexus Protection Server9.7.2.10affected

Weaknesses

  • CWE-428: CWE-428: Unquoted Search Path or Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References