Vendor: LiteManager
By: Cakes
CVSS: 5.5 (MEDIUM)
Unquoted Service Path
CWE: 428
Product Name: LiteManager
Affected Version From: LiteManager 4.5.0
Affected Version To: LiteManager 4.5.0
Patch Exists: NO
Related CWE:
CPE: a:liteteam:litemanager:4.5.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2019

LiteManager 4.5.0 – ‘romservice’ Unquoted Service Path

The LiteManager 4.5.0 software has an unquoted service path vulnerability in the 'romservice' service. This vulnerability allows an attacker with local access to escalate privileges and potentially execute arbitrary code.

Mitigation:

To mitigate this vulnerability, it is recommended to ensure that the service path is quoted properly in the 'romservice' service configuration.
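
An added example (not part of the original advisory or the Exploit-DB entry): a Python check that parses `sc qc` output, flags a BINARY_PATH_NAME that is unquoted and contains whitespace, and produces the quoted value the mitigation calls for. The function names, and the rule that an unquoted image path ends at the first ".exe", are assumptions of this example.

```python
import re

# Sample input: the `sc qc romservice` output from this page, trimmed.
SC_QC_OUTPUT = r"""
SERVICE_NAME: romservice
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\LiteManagerFree - Server\ROMServer.exe
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Return the 'KEY : value' fields of `sc qc` output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s?(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def split_image_path(binary_path):
    """Split BINARY_PATH_NAME into (executable, arguments, already_quoted)."""
    value = binary_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
    # Assumption: an unquoted image path ends at the first ".exe" that is
    # followed by whitespace or the end of the string.
    m = re.match(r"(?i)(.+?\.exe)(?=\s|$)(.*)$", value)
    if m:
        return m.group(1), m.group(2).strip(), False
    return value, "", False

def audit_service(sc_qc_text):
    """Flag an unquoted path containing spaces and build the quoted form."""
    fields = parse_sc_qc(sc_qc_text)
    exe, args, quoted = split_image_path(fields.get("BINARY_PATH_NAME", ""))
    return {
        "service": fields.get("SERVICE_NAME"),
        "account": fields.get("SERVICE_START_NAME"),
        "unquoted_with_spaces": (not quoted) and bool(re.search(r"\s", exe)),
        "quoted_binary_path": f'"{exe}"' + (f" {args}" if args else ""),
    }

if __name__ == "__main__":
    print(audit_service(SC_QC_OUTPUT))
```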

Exploit-DB raw data:

# Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Service Path
# Date : 2019-10-15
# Exploit Author : Cakes
# Vendor: LiteManager Team
# Version : LiteManager 4.5.0
# Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support
# Tested on Windows 10
# CVE : N/A 
     
c:\>sc qc romservice
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: romservice
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\LiteManagerFree - Server\ROMServer.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : LiteManagerTeam LiteManager
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem