CVE Catalog

CVE-2020-37251

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

RealTimes Desktop Service version 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Risk Assessment

This vulnerability poses a significant risk to organizations by allowing local attackers to gain full system privileges. This could lead to unauthorized access to data and potential damage to IT infrastructure.

Recommendation

It is recommended to update the RealTimes Desktop Service to the latest version to mitigate this vulnerability. Additionally, conducting an audit of service paths to identify and secure unquoted paths is advisable.

Original NVD description (English source)

RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS