← back
CVE-2020-37231

Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428
Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Cybertronsoft · Privacy Drive
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49023unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cybertronsoft.com/https://www.cybertronsoft.com/download/privacy-drive-setup.exehttps://www.exploit-db.com/exploits/49023https://www.vulncheck.com/advisories/privacy-drive-unquoted-service-path-privilege-escalation