Vendor: DigitalPersona Pro
By: SamAlucard
CVSS: 7.8 (HIGH)
Type: Unquoted Service Path
CWE: 73
Product Name: DigitalPersona Pro
Affected Version From: 4.5.0.2213
Affected Version To: 4.5.0.2213
Patch Exists: No
Related CWE: N/A
CPE: a:digitalpersona:digitalpersona_pro:4.5.0.2213
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Home
2020

DigitalPersona 4.5.0.2213 – ‘DpHostW’ Unquoted Service Path

DigitalPersona Pro 4.5.0.2213 is vulnerable to an Unquoted Service Path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the unquoted service path of the DpHostW.exe service.

Mitigation:

Ensure that all services have their paths quoted. This can be done by using the Microsoft Security Compliance Manager (SCM) to audit the system for unquoted service paths.
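
The audit step above, as an added example (not part of the original advisory or any vendor tooling): a check over service binary-path values, such as the registry ImagePath or the path that sc qc prints, which flags unquoted image paths containing spaces and proposes the quoted form. The function names and all sample values other than the DpHostW path from this page are constructed for illustration.

```python
import re

# End of the executable portion of an unquoted service command line.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_image(command_line):
    """Split a service binary-path value into (image, arguments, quoted)."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            # Unbalanced quote: report it rather than trust it.
            return s[1:], "", False
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False


def audit(command_line):
    """Flag an unquoted image path that contains a space; suggest the fix."""
    image, args, quoted = split_image(command_line)
    flagged = (not quoted) and (" " in image)
    suggested = command_line.strip()
    if flagged:
        suggested = f'"{image}"' + (f" {args}" if args else "")
    return {"image": image, "unquoted_with_space": flagged,
            "suggested": suggested}


# First value is the path reported on this page; the rest are constructed.
SAMPLES = [
    r"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe",
    r"C:\Windows\system32\svchost.exe -k netsvcs -p",
    r'"C:\Program Files\Vendor App\svc.exe" --service',
    r"C:\Program Files\Vendor App\svc.exe --service",
]

if __name__ == "__main__":
    for value in SAMPLES:
        result = audit(value)
        status = "FLAG" if result["unquoted_with_space"] else "ok  "
        print(f"{status} {value}")
        if result["unquoted_with_space"]:
            print(f"     suggested: {result['suggested']}")
```

Because the check works on the path value itself, it does not depend on the localized field labels that sc qc prints.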

Exploit-DB raw data:

#Exploit Title: DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2020-11-08
#Vendor : DigitalPersona  U. are U. One Touch
#Version : DigitalPersona Pro 4.5.0.2213
#Vendor Homepage :  https://www.hidglobal.com/crossmatch
#Tested on OS: Windows 10 Home

#Analyze PoC :
==============

C:\>sc qc DpHost
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: DpHost
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
        GRUPO_ORDEN_CARGA  : BiometricGroup
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Servicio de autenticación biométrica
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem