Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path

vendor:

Genexus Protection Server

by:

SamAlucard

7.8

CVSS

HIGH

Unquoted Service Path

CWE

Product Name: Genexus Protection Server

Affected Version From: 9.6.4.2

Affected Version To: 9.6.4.2

Patch Exists: NO

Related CWE: N/A

CPE: a:genexus:genexus_protection_server:9.6.4.2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Pro

2020

Genexus Protection Server 9.6.4.2 – ‘protsrvservice’ Unquoted Service Path

Genexus Protection Server 9.6.4.2 is vulnerable to an unquoted service path vulnerability. This vulnerability allows an attacker to gain elevated privileges on the system by exploiting the service path of the 'protsrvservice' service. The service path is not properly quoted, allowing an attacker to inject malicious code into the service path.

Mitigation:

Ensure that all service paths are properly quoted and that all services are running with the least privileges necessary.

Source

Exploit-DB raw data:

#Exploit Title: Genexus Protection Server 9.6.4.2 - 'protsrvservice' Unquoted Service Path
Service Path
#Exploit Author : SamAlucard
#Exploit Date: 2020-11-08
#Vendor : Genexus
#Version : Genexus Protection Server 9.6.4.2
#Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;
#Vendor Homepage :  https://www.genexus.com/es/
#Tested on OS: Windows 10 Pro

#Analyze PoC :
==============

C:\>sc qc protsrvservice
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: protsrvservice
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Common
Files\Artech\GXProt1\ProtSrv.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : ProtSrvService
        DEPENDENCIAS       : RPCSS
        NOMBRE_INICIO_SERVICIO: LocalSystem