vendor:
Oracle Database
by:
Milad Karimi (Ex3ptionaL)
6.1
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: Oracle Database
Affected Version From: Oracle Database 12c Release 1
Affected Version To: Oracle Database 12c Release 1
Patch Exists: NO
Related CWE: CVE-ID: TBD
CPE: a:oracle:oracle_database:12c_release_1
Other Scripts:
https://www.infosecmatter.com/infosec-glossary/
Platforms Tested: Windows 10 Pro x64
2024
Oracle Database 12c Release 1 – Unquoted Service Path
The Oracle Database 12c Release 1 service 'OracleDBConsoleorcl' on Windows 10 Pro x64 has an unquoted service path, which can potentially allow an attacker to escalate privileges by placing a malicious executable in the unquoted path that is executed with elevated privileges. This vulnerability has been assigned CVE-ID: TBD.
Mitigation:
To mitigate this vulnerability, ensure that all Windows services have quoted paths to prevent privilege escalation attacks.