CVE-2020-37253
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk1th percentile - higher than 1% of all known CVEs
Summary
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.
Risk Assessment
This vulnerability poses a risk of privilege escalation, potentially allowing local attackers to gain control over the system. This could lead to serious security implications for the organization.
Recommendation
It is recommended to update Winstep to the latest version to mitigate this vulnerability. Additionally, access to the Program Files directory should be monitored and restricted.
Original NVD description (English source)
Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts.

