CVE Catalog

CVE-2020-37253

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile - higher than 1% of all known CVEs

Summary

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.

Risk Assessment

This vulnerability poses a risk of privilege escalation, potentially allowing local attackers to gain control over the system. This could lead to serious security implications for the organization.

Recommendation

It is recommended to update Winstep to the latest version to mitigate this vulnerability. Additionally, access to the Program Files directory should be monitored and restricted.

Original NVD description (English source)

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS