Vendor: BOOTP Turbo
By: boku
CVSS: 5.5 (MEDIUM)
CWE: 428 (Unquoted Service Path)
Product Name: BOOTP Turbo
Affected Version From: 2.0.1214
Affected Version To: 2.0.1214
Patch Exists: NO
Related CWE:
CPE: a:weird_solutions:bootp_turbo:2.0.1214
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 (32-bit)
2020

BOOTP Turbo 2.0.1214 – ‘BOOTP Turbo’ Unquoted Service Path

BOOTP Turbo version 2.0.1214 has an unquoted service path vulnerability. This vulnerability could allow an attacker to escalate privileges by placing a malicious executable in the system's PATH environment variable.

Mitigation:

To mitigate this vulnerability, update to the latest version of BOOTP Turbo, or uninstall the software if it is not needed. Additionally, users can manually update the service path so that the executable path is enclosed in double quotes.

Exploit-DB raw data:

# Exploit Title: BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path
# Exploit Author: boku
# Date: 2020-02-10
# Vendor Homepage: https://www.weird-solutions.com
# Software Link: https://www.weird-solutions.com/download/products/bootpt_demo_IA32.exe
# Version: 2.0.1214
# Tested On: Windows 10 (32-bit)

C:\Users\user>wmic service get name, pathname, startmode | findstr "BOOTP" | findstr /i /v """
BOOTP Turbo                               C:\Program Files\BOOTP Turbo\bootpt.exe                                            Auto

C:\Users\user>sc qc "BOOTP Turbo"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BOOTP Turbo
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootpt.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : BOOTP Turbo
        DEPENDENCIES       : Nsi
                           : Afd
                           : NetBT
                           : Tcpip
        SERVICE_START_NAME : LocalSystem
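
As an added example (not part of the original advisory or the exploit author's code), this Python script parses the `sc qc` output shown above, flags an unquoted executable path that contains a space, and builds the double-quoted value that the mitigation describes. The function names and the `.exe` splitting heuristic are assumptions made for this example.

```python
import re

# sc qc fields copied from the listing on this page (DEPENDENCIES omitted).
SC_QC_OUTPUT = r"""
SERVICE_NAME: BOOTP Turbo
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootpt.exe
        SERVICE_START_NAME : LocalSystem
"""

QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
# Heuristic (assumption): the executable ends at the first ".exe" that is
# followed by whitespace or the end of the string.
UNQUOTED_RE = re.compile(r'^(.*?\.exe)(?:\s+(.*))?$', re.IGNORECASE)


def parse_sc_qc(text):
    """Return the 'KEY : value' fields of one sc qc record as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():                # skip continuation lines
            fields[key.strip()] = value.strip()
    return fields


def audit_image_path(image_path):
    """Flag an unquoted executable path with a space; build the quoted form."""
    path = image_path.strip()
    if QUOTED_RE.match(path):                  # already quoted: nothing to fix
        return {"vulnerable": False, "fixed": path}
    m = UNQUOTED_RE.match(path)
    exe, args = (m.group(1), m.group(2) or "") if m else (path, "")
    if " " not in exe:                         # spaces only in arguments are fine
        return {"vulnerable": False, "fixed": path}
    fixed = f'"{exe}"' + (f" {args}" if args else "")
    return {"vulnerable": True, "fixed": fixed}


def audit_sc_qc(text):
    """Audit one sc qc record: service name, account, and path finding."""
    fields = parse_sc_qc(text)
    result = audit_image_path(fields.get("BINARY_PATH_NAME", ""))
    result["service"] = fields.get("SERVICE_NAME", "")
    result["account"] = fields.get("SERVICE_START_NAME", "")
    return result


if __name__ == "__main__":
    print(audit_sc_qc(SC_QC_OUTPUT))
```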