vendor:
SysGauge Server
by:
Brian Rodriguez
7,8
CVSS
HIGH
Unquoted Service Path
426
CWE
Product Name: SysGauge Server
Affected Version From: 7.9.18
Affected Version To: 7.9.18
Patch Exists: NO
Related CWE: N/A
CPE: a:sysgauge:sysgauge_server:7.9.18
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 Enterprise 64 bits
2021
SysGauge 7.9.18 – ‘ SysGauge Server’ Unquoted Service Path
SysGauge 7.9.18 is vulnerable to Unquoted Service Path vulnerability. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. The vulnerability exists due to the SysGauge Server service not properly quoting its path. An attacker can exploit this vulnerability by placing malicious files in the same directory as the service executable and then start the service.
Mitigation:
Ensure that all services have their paths properly quoted. This can be done by using the sc.exe utility to query and set the service configuration.
