vendor: Odoo
by: 1F98D
CVSS: 7.8 HIGH
Unquoted Service Path
CWE: 426
Product Name: Odoo
Affected Version From: 12.0.20190101
Affected Version To: 12.0.20190101
Patch Exists: NO
Related CWE: N/A
CPE: a:odoo:odoo:12.0.20190101
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2019

Odoo 12.0.20190101 – ‘nssm.exe’ Unquoted Service Path

Odoo 12.0.20190101 is affected by an Unquoted Service Path vulnerability: the application does not properly quote the path of the service executable. A malicious user can exploit this to gain elevated privileges.

Mitigation:

Ensure that the path of the service executable is properly quoted.
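
One way to audit a host for the condition this mitigation addresses, as an added PowerShell example that is not part of the advisory or of Odoo. The function names and the sample paths are constructed for illustration; the check assumes the service executable ends in ".exe".

```powershell
# Added audit example. Flags service ImagePath values that are unquoted and
# contain a space in the executable portion, and proposes the quoted form.
$script:ExeSplit = '^(.*?\.exe)(\s.*)?$'   # group 1 = executable, group 2 = arguments

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $false }            # already quoted
    $m = [regex]::Match($p, $script:ExeSplit, 'IgnoreCase')
    if (-not $m.Success) { return $false }               # no .exe (e.g. a driver path)
    # A space inside the executable portion leaves the end of the path ambiguous.
    return $m.Groups[1].Value.Contains(' ')
}

function ConvertTo-QuotedServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)
    if (-not (Test-UnquotedServicePath $ImagePath)) { return $ImagePath }
    $m = [regex]::Match($ImagePath.Trim(), $script:ExeSplit, 'IgnoreCase')
    # Quote only the executable; keep any arguments after it unchanged.
    return '"{0}"{1}' -f $m.Groups[1].Value, $m.Groups[2].Value
}

function Get-UnquotedServicePath {
    # Enumerates installed services (Windows only) and returns the flagged ones.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, StartMode, PathName,
            @{ Name = 'Suggested'; Expression = { ConvertTo-QuotedServicePath $_.PathName } }
}

# Constructed sample values (not taken from the advisory):
$samples = @(
    'C:\Program Files (x86)\Example App\svc\runner.exe',
    '"C:\Program Files (x86)\Example App\svc\runner.exe" --service',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    [pscustomobject]@{
        Flagged   = Test-UnquotedServicePath $s
        Suggested = ConvertTo-QuotedServicePath $s
        ImagePath = $s
    }
}

# On a Windows host, list the affected services:
#   Get-UnquotedServicePath | Format-Table -AutoSize
```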

Exploit-DB raw data:

# Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
# Exploit Author: 1F98D
# Vendor Homepage: https://www.odoo.com/
# Software Link:  https://nightly.odoo.com/12.0/nightly/windows/odoo_12.0.20190101.exe
# Tested Version: 12.0.20190101
# Tested on OS: Windows 
# Step to discover Unquoted Service Path:

C:\> icacls "C:\Program Files (x86)\Odoo 12.0\nssm"

C:\Program Files (x86)\Odoo 12.0\nssm pc-1\user-1:(OI)(CI)(M)
                                      NT SERVICE\TrustedInstaller:(I)(F)
                                      NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                      NT AUTHORITY\SYSTEM:(I)(F)
                                      NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                      BUILTIN\Administrators:(I)(F)
                                      BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                      BUILTIN\Users:(I)(RX)
                                      BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                      CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
                                      APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
                                      APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
                                      APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)