header-logo
Suggest Exploit
vendor:
Disk Savvy Enterprise
by:
boku
7.8
CVSS
HIGH
Unquoted Service Path
73
CWE
Product Name: Disk Savvy Enterprise
Affected Version From: 12.3.18
Affected Version To: 12.3.18
Patch Exists: NO
Related CWE: N/A
CPE: a:disksavvy:disk_savvy_enterprise:12.3.18
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 (32-bit)
2020

Disk Savvy Enterprise 12.3.18 – Unquoted Service Path

Disk Savvy Enterprise 12.3.18 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system. The vulnerability exists because the Disk Savvy Enterprise service is installed with an unquoted service path. An attacker can exploit this vulnerability by placing malicious files in the same directory as the service executable. When the service is started, the malicious files will be executed with elevated privileges.

Mitigation:

Ensure that all service paths are properly quoted. Additionally, ensure that all services are running with the least privileges necessary.
Source

Exploit-DB raw data:

Exploit Title: Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
Exploit Author: boku
Date: 2020-02-10
Vendor Homepage: http://www.disksavvy.com
Software Link: http://www.disksavvy.com/setups/disksavvyent_setup_v12.3.18.exe
Version: 12.3.18
Tested On: Windows 10 (32-bit)

C:\Users\nightelf>wmic service get name, pathname, startmode | findstr "Disk Savvy" | findstr /i /v """
Disk Savvy Enterprise      C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe      Auto

C:\Users\nightelf>sc qc "Disk Savvy Enterprise"
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Disk Savvy Enterprise
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Disk Savvy Enterprise
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR