Vendor: WibuKey Runtime
By: Brian Rodriguez
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Unquoted Service Path
CWE: 428
Product Name: WibuKey Runtime
Affected Version From: 6.51
Affected Version To: 6.51
Patch Exists: NO
Related CWE:
CPE: a:wibukey:runtime:6.51
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 Enterprise
2021

WibuKey Runtime 6.51 – ‘WkSvW32.exe’ Unquoted Service Path

WibuKey Runtime version 6.51 is affected by an unquoted service path vulnerability (CWE-428). The 'WkSvW32.exe' service, which starts automatically and runs as LocalSystem, is registered with a binary path that contains spaces but is not enclosed in quotes. When Windows starts such a service, it tries each space-delimited prefix of the path as an executable before it reaches the intended one. An attacker who can place an executable at one of those earlier locations can therefore have it run with the service's elevated permissions instead of the legitimate service executable, escalating privileges and executing arbitrary code.

Mitigation:

To mitigate this vulnerability, the vendor should update the WibuKey Runtime software to ensure that the service executable's path is properly quoted. Users should also ensure that their systems are up-to-date with the latest software patches and security updates.

Exploit-DB raw data:

# Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
# Discovery by: Brian Rodriguez
# Date: 13-06-2021
# Vendor Homepage: https://www.wibu.com
# Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html
# Tested Version: 6.51
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
WIBU-KEY Server        WkSvW32.exe        C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe        Auto

C:\Users\IEUser>sc qc WkSvW32.exe
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WkSvW32.exe
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : WIBU-KEY Server
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
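
The discovery step above, generalized into an audit over service records. This is an added example, not part of the original advisory or of Exploit-DB's data. It flags unquoted image paths that contain spaces, lists the earlier locations whose write permissions should be reviewed, and gives the correctly quoted value. The function names, the extension list and every sample row except the WkSvW32.exe one are assumptions made for illustration.

```python
import re

# Assumption: service images end in one of these extensions.
_IMAGE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

# (name, pathname, startmode). The first row is the service from this page;
# the other rows are constructed for illustration.
SAMPLE = [
    ("WkSvW32.exe", r"C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe", "Auto"),
    ("QuotedSvc", r'"C:\Program Files\Example\svc.exe" -k run', "Auto"),
    ("NoSpaceSvc", r"C:\Tools\agent.exe --service", "Manual"),
    ("ArgSvc", r"C:\Program Files\Example App\daemon.exe /svc", "Auto"),
]

def split_image_path(pathname):
    """Split a service ImagePath into (executable, arguments, quoted)."""
    p = pathname.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        if end != -1:
            return p[1:end], p[end + 1:].strip(), True
    m = _IMAGE_END.search(p)
    if m is None:
        return p, "", False
    return p[:m.end()], p[m.end():].strip(), False

def earlier_candidates(exe):
    """Paths tried before the real image when the path is unquoted
    (CreateProcess splits on spaces and appends .exe); review their ACLs."""
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def audit(services):
    """Return one finding per service whose image path is unquoted and has spaces."""
    findings = []
    for name, pathname, start_mode in services:
        exe, args, quoted = split_image_path(pathname)
        if quoted or " " not in exe:
            continue  # already quoted, or no space to misparse
        findings.append({
            "service": name,
            "start_mode": start_mode,
            "check_acl": earlier_candidates(exe),
            "quoted_path": f'"{exe}"' + (f" {args}" if args else ""),
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["service"], "->", f["quoted_path"], f["check_acl"])
```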