CVE-2020-36879
Description
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2020-36879? +
How do I check if I'm vulnerable to CVE-2020-36879? +
Related Vulnerabilities
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges …
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker …
The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has …
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges …
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. …
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted …