vendor:
Kiwi Syslog Server
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: Kiwi Syslog Server
Affected Version From: 9.6.7.1
Affected Version To: 9.6.7.1
Patch Exists: NO
Related CWE: CVE-2024-XXXXX
CPE: a:solarwinds:kiwi_syslog_server:9.6.7.1
Platforms Tested: Windows 10 Pro x64
2024
SolarWinds Kiwi Syslog Server 9.6.7.1 – Unquoted Service Path
SolarWinds Kiwi Syslog Server 9.6.7.1 has an unquoted service path vulnerability, which could allow an attacker to escalate privileges by placing a malicious executable in the system path. This vulnerability has been assigned CVE-ID CVE-2024-XXXXX.
Mitigation:
To mitigate this vulnerability, users should ensure that all service paths are quoted properly to prevent unauthorized files from being executed. Additionally, regular security scans and monitoring can help detect any unusual activities.