vendor:
NO-IP DUC
by:
Ehsan Hosseini
7,2
CVSS
HIGH
Unquoted Service Path Privilege Escalation
426
CWE
Product Name: NO-IP DUC
Affected Version From: 4.1.1
Affected Version To: 4.1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:no-ip:no-ip_duc:4.1.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016
NO-IP DUC v4.1.1 – Unquoted Service Path Privilege Escalation
NO-IP DUC v4.1.1 installs as a service with an unquoted service path with name NoIPDUCService4.
Mitigation:
Ensure that all services are installed with a fully qualified path name.
