vendor:
Splashtop
by:
A.I. Hernandez
7.8
CVSS
HIGH
Unquoted Service Path
426
CWE
Product Name: Splashtop
Affected Version From: 8.71.12001.0
Affected Version To: 8.71.12001.0
Patch Exists: NO
Related CWE:
CPE: a:splashtop:splashtop
Platforms Tested: Windows 10 21H2
2022
Splashtop 8.71.12001.0 – Unquoted Service Path
Splashtop 8.71.12001.0 is vulnerable to Unquoted Service Path vulnerability. An attacker can exploit this vulnerability by placing malicious files in the same directory as the vulnerable service and gain elevated privileges.
Mitigation:
Ensure that all services have a fully qualified path to the executable. Also, ensure that all services are running with the least privileges necessary.