Vendor: Disk Savvy
By: Brian Rodriguez
CVSS: 7.5 (HIGH)
Vulnerability Type: Unquoted Service Path
CWE: 428
Product Name: Disk Savvy
Affected Version From: 13.6.14
Affected Version To: 13.6.14
Patch Exists: NO
CPE: a:disksavvy:disksavvy:13.6.14
Platforms Tested: Windows 10 Enterprise 64 bits
Year: 2021

Disk Savvy 13.6.14 – ‘Multiple’ Unquoted Service Path

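Disk Savvy 13.6.14 is affected by an unquoted service path vulnerability: the Disk Savvy Server and Disk Savvy Enterprise services are registered with binary paths that contain spaces but are not enclosed in quotes. Both services start automatically and run as LocalSystem, so this vulnerability could allow an attacker to execute arbitrary code with elevated privileges.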

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Disk Savvy that addresses the unquoted service path issue.

Exploit-DB raw data:

# Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
# Discovery by: Brian Rodriguez
# Date: 16-06-2021
# Vendor Homepage: https://www.disksavvy.com
# Software Links:
# https://www.disksavvy.com/setups_x64/disksavvysrv_setup_v13.6.14_x64.exe
# https://www.disksavvy.com/setups_x64/disksavvyent_setup_v13.6.14_x64.exe
# Tested Version: 13.6.14
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise 64 bits

# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Disk Savvy Server          Disk Savvy Server   C:\Program Files\Disk Savvy Server\bin\disksvs.exe   Auto
Disk Savvy Enterprise    Disk Savvy Enterprise   C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe   Auto

C:\>sc qc "Disk Savvy Server"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: Disk Savvy Server
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files\Disk Savvy Server\bin\disksvs.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Disk Savvy Server
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

C:\>sc qc "Disk Savvy Enterprise"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: Disk Savvy Enterprise
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Disk Savvy Enterprise
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem
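
Added example (not part of the original advisory or the Exploit-DB submission): a Python audit that reads the binary path field from `sc qc` output, accepting both the English label and the Spanish one in the capture above, flags an unquoted path containing spaces, and builds the `sc config` command that stores the quoted form. The helper names and the quoted control entry are assumptions made for illustration.

```python
import re

# `sc qc` labels for the binary path: English, and the Spanish label in the capture above.
PATH_LABELS = ("BINARY_PATH_NAME", "NOMBRE_RUTA_BINARIO")
# Lazy match up to the first ".exe" that ends the string or is followed by arguments.
EXE_RE = re.compile(r"^(.*?\.exe)(\s.*)?$", re.IGNORECASE)

def binary_path(sc_qc_output):
    """Return the binary path field from `sc qc` text, or None if absent."""
    for line in sc_qc_output.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip() in PATH_LABELS:
            return value.strip()
    return None

def audit(path):
    """Return (flagged, quoted_path) for one service binary path."""
    path = path.strip()
    if path.startswith('"'):
        return False, path            # already quoted
    m = EXE_RE.match(path)
    exe, args = (m.group(1), m.group(2) or "") if m else (path, "")
    if " " not in exe:
        return False, path            # no space in the executable path: unambiguous
    return True, f'"{exe}"{args}'     # quote the executable only, keep arguments

def fix_command(service, quoted_path):
    """Build the `sc config` line that stores the quoted path (run as administrator)."""
    escaped = quoted_path.replace('"', '\\"')
    return f'sc config "{service}" binPath= "{escaped}"'

# Sample input: fields of the "Disk Savvy Server" capture above, plus a
# constructed, already-quoted control entry (hypothetical service).
SAMPLE = {
    "Disk Savvy Server": "        TIPO_INICIO        : 2   AUTO_START\n"
    "        NOMBRE_RUTA_BINARIO: C:\\Program Files\\Disk Savvy Server\\bin\\disksvs.exe\n",
    "Constructed Control": '        BINARY_PATH_NAME   : "C:\\Program Files\\Example\\svc.exe" --run\n',
}

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        flagged, quoted = audit(binary_path(text))
        print(name, "UNQUOTED" if flagged else "ok")
        if flagged:
            print("  ", fix_command(name, quoted))
```

After applying the generated `sc config` line, re-run `sc qc` on the service to confirm the stored path is quoted.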