header-logo
Suggest Exploit
vendor:
Workspace ONE Intelligent Hub
by:
Ismael Nava
7,2
CVSS
HIGH
Unquoted Service Path
22
CWE
Product Name: Workspace ONE Intelligent Hub
Affected Version From: 20.3.8.0
Affected Version To: 20.3.8.0
Patch Exists: NO
Related CWE: N/A
CPE: a:vmware:workspace_one_intelligent_hub:20.3.8.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 Enterprise 64 bits
2021

Workspace ONE Intelligent Hub 20.3.8.0 – ‘VMware Hub Health Monitoring Service’ Unquoted Service Path

The VMware Hub Health Monitoring Service is installed with the Workspace ONE Intelligent Hub 20.3.8.0. The service is configured to start automatically, but the path to the executable is not enclosed in quotation marks, which can allow a local attacker to gain elevated privileges.

Mitigation:

Enclose the path to the executable in quotation marks.
Source

Exploit-DB raw data:

# Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
# Discovery by: Ismael Nava
# Discovery Date: 06-16-2021
# Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html
# Software Links : https://getwsone.com/
# Tested Version: 20.3.8.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Enterprise 64 bits


# Step to discover Unquoted Service Path:

C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
VMware Hub Health Monitoring Service	VMware Hub Health Monitoring Service	C:\Program Files (x86)\Airwatch\HealthMonitoring\Service\VMwareHubHealthMonitoring.exe	Auto

C:\>sc qc "VMware Hub Health Monitoring Service"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: VMware Hub Health Monitoring Service
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Airwatch\HealthMonitoring\Service\VMwareHubHealthMonitoring.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : VMware Hub Health Monitoring Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

Navigation

Suggest Exploit

Services By CQR