vendor: ActiveFax Server
by: Cakes
CVSS: 7.8 (HIGH)
Type: Unquoted Service Path
CWE: 428
Product Name: ActiveFax Server
Affected Version From: ActiveFax Server 6.92 Build 0316
Affected Version To: ActiveFax Server 6.92 Build 0316
Patch Exists: NO
Related CWE:
CPE: a:actfax:activefax_server:6.92:build_0316
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2019

ActiveFax Server 6.92 Build 0316 – ‘ActiveFaxServiceNT’ Unquoted Service Path

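ActiveFax Server 6.92 Build 0316 registers the 'ActiveFaxServiceNT' service with an unquoted service path: the binary path contains a space (C:\Program Files\...) and is not enclosed in quotation marks. The service starts automatically and runs as .\Administrator. This vulnerability could allow an attacker to escalate privileges and execute arbitrary code by placing a malicious executable in the path.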

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of ActiveFax Server and ensure that the service path is properly quoted.

Exploit-DB raw data:

# Exploit Title : ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path
# Date : 2019-10-15
# Exploit Author : Cakes
# Vendor Homepage: https://www.actfax.com/
# Software Link :  https://www.actfax.com/download/actfax_setup_x64_ge.exe
# Version : ActiveFax Server 6.92 Build 0316
# Tested on Windows 10
# CVE : N/A 

sc qc ActiveFaxServiceNT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ActiveFaxServiceNT
        TYPE               : 10  WIN32_OWN_PROCESS 
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\ActiveFax\Server\ActSrvNT.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : ActiveFax-Server-Dienst
        DEPENDENCIES       : 
        SERVICE_START_NAME : .\Administrator
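
The check behind the mitigation above, as an added example that is not part of the original advisory or of ActiveFax: a Python audit that parses saved `sc qc` output, flags services whose image path contains a space but is not quoted, and returns the quoted value to set. The sample input is constructed (its first record repeats fields shown above; `ExampleQuotedSvc` and `ExampleNoSpaceSvc` are made up), and the function names are this example's own.

```python
import re

# Constructed input: the first record repeats fields from the page's sc qc output;
# the other two services are made up for contrast.
SAMPLE = r'''
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ActiveFaxServiceNT
        BINARY_PATH_NAME   : C:\Program Files\ActiveFax\Server\ActSrvNT.exe
        SERVICE_START_NAME : .\Administrator

SERVICE_NAME: ExampleQuotedSvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" -run
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleNoSpaceSvc
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        SERVICE_START_NAME : LocalSystem
'''

FIELD = re.compile(r'^\s*([A-Z_]+)\s*:\s?(.*?)\s*$')     # "KEY   : value"
EXE = re.compile(r'^(.*?\.exe)(\s.*)?$', re.IGNORECASE)  # image path, then arguments

def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == 'SERVICE_NAME':
            services.append({key: value})
        elif services:
            services[-1][key] = value
    return services

def audit(svc):
    """Flag an image path that has a space but no surrounding quotes (CWE-428)."""
    raw = svc.get('BINARY_PATH_NAME', '')
    m = None if raw.startswith('"') else EXE.match(raw)
    exe, args = (m.group(1), m.group(2) or '') if m else (raw, '')
    flagged = not raw.startswith('"') and ' ' in exe
    return {'name': svc['SERVICE_NAME'], 'runs_as': svc.get('SERVICE_START_NAME'),
            'flagged': flagged, 'suggested': f'"{exe}"{args}' if flagged else raw}

def audit_text(text):
    """Audit every service found in the given sc qc output."""
    return [audit(s) for s in parse_sc_qc(text)]
```

Arguments after the executable are kept outside the quotes, so a space that appears only in the arguments does not cause a flag.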