Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7590

Summary
Assigner-jci
Assigner Org ID-7281d04a-a537-43df-bfb4-fa4110af9d01
Published At-19 Jul, 2019 | 20:56
Updated At-17 Sep, 2024 | 01:40
Rejected At-
Credits

exacqVision Server Unquoted Service Path

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jci
Assigner Org ID:7281d04a-a537-43df-bfb4-fa4110af9d01
Published At:19 Jul, 2019 | 20:56
Updated At:17 Sep, 2024 | 01:40
Rejected At:
▼CVE Numbering Authority (CNA)
exacqVision Server Unquoted Service Path

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

Affected Products
Vendor
Exacq Technologies, Inc.
Product
exacqVision Server
Versions
Affected
  • 9.6
  • 9.8
Unaffected
  • From unspecified through 9.4 (custom)
  • From next of 19.03 before unspecified (custom)

unknown

  • From unspecified before 8.4 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-428CWE-428 Unquoted Search Path or Element
textN/AThe exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.
Type: CWE
CWE ID: CWE-428
Description: CWE-428 Unquoted Search Path or Element
Type: text
CWE ID: N/A
Description: The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system.
Metrics
VersionBase scoreBase severityVector
3.06.7MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade to exacqVision Server 19.03

Configurations

Windows operating system with exacqVision Server version 9.6 or 9.8 installed.

Workarounds

Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exacqVisionServer. Modify the ImagePath for to include quotations around the entire file path. Repeat this process for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvrdhcpserver and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mdnsresponder

Exploits

N/A

Credits
Gjoko 'LiquidWorm' Krstic
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html
x_refsource_MISC
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php
x_refsource_MISC
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341
x_refsource_MISC
https://www.us-cert.gov/ics/advisories/icsa-19-199-01
x_refsource_MISC
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
http://www.securityfocus.com/bid/109307
vdb-entry
x_refsource_BID
Hyperlink: https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html
Resource:
x_refsource_MISC
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php
Resource:
x_refsource_MISC
Hyperlink: https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341
Resource:
x_refsource_MISC
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-199-01
Resource:
x_refsource_MISC
Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/109307
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html
x_refsource_MISC
x_transferred
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php
x_refsource_MISC
x_transferred
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341
x_refsource_MISC
x_transferred
https://www.us-cert.gov/ics/advisories/icsa-19-199-01
x_refsource_MISC
x_transferred
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/109307
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-199-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/109307
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productsecurity@jci.com
Published At:19 Jul, 2019 | 21:15
Updated At:10 Feb, 2020 | 21:53

ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.06.7MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
johnsoncontrols
johnsoncontrols
>>exacqvision_server>>9.6
cpe:2.3:a:johnsoncontrols:exacqvision_server:9.6:*:*:*:*:*:*:*
johnsoncontrols
johnsoncontrols
>>exacqvision_server>>9.8
cpe:2.3:a:johnsoncontrols:exacqvision_server:9.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-428Primarynvd@nist.gov
CWE-428Secondaryproductsecurity@jci.com
CWE ID: CWE-428
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-428
Type: Secondary
Source: productsecurity@jci.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/109307productsecurity@jci.com
Third Party Advisory
VDB Entry
https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341productsecurity@jci.com
Patch
Third Party Advisory
https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.htmlproductsecurity@jci.com
Exploit
Third Party Advisory
VDB Entry
https://www.johnsoncontrols.com/cyber-solutions/security-advisoriesproductsecurity@jci.com
Mitigation
Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-199-01productsecurity@jci.com
Third Party Advisory
US Government Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.phpproductsecurity@jci.com
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/109307
Source: productsecurity@jci.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341
Source: productsecurity@jci.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html
Source: productsecurity@jci.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Source: productsecurity@jci.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://www.us-cert.gov/ics/advisories/icsa-19-199-01
Source: productsecurity@jci.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php
Source: productsecurity@jci.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2017-3141
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.2||HIGH
EPSS-2.55% / 84.91%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows service and uninstall paths are not quoted when BIND is installed

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-bindBIND 9
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2017-3751
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_compact_usb_keyboard_driverThinkPad Compact USB Keyboard with TrackPoint Driver
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2017-3757
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.

Action-Not Available
Vendor-ELAN Microelectronics CorporationLenovo Group Limited
Product-elan_touchpad_driverLenovo ElanTech Touchpad driver
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2017-3005
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.34%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccAdobe Photoshop CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier.
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2017-15383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.

Action-Not Available
Vendor-neron/a
Product-neron/a
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-29218
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.49%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows.

Action-Not Available
Vendor-n/aMicrosoft CorporationHewlett Packard Enterprise (HPE)
Product-synergy_620_gen9synergy_480_gen9proliant_agentless_managementapollo_6500apollo_2000_gen_10_pluswindowsproliant_dlapollo_20agentless_managementapollo_6500_gen10_plusapollo_80proliant_mlsynergy_680_gen9synergy_660_gen9HPE Agentless Management
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-5569
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 07:25
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.

Action-Not Available
Vendor-toshibaToshiba Electronic Devices & Storage Corporation
Product-hd-sa50gkhd-ma30tyhd-sb10tkpassword_tool_for_windowshd-mb30tshd-sa50gshd-sb50gshd-mb10tshd-ma10tyhd-mb20tshd-sb10tshd-sb50gkhd-ma20tshd-ma20tyhd-mb20tyhd-ma30tshd-ma10tshd-mb30tyhd-mb10tyHDD Password tool (for Windows)
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-5147
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-09 Jan, 2021 | 00:15
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextenderSonicWall NetExtender
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2020-35152
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 23:35
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows

Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpCloudflare WARP for Windows
CWE ID-CWE-428
Unquoted Search Path or Element
  • Previous
  • 1
  • 2
  • Next
Details not found