CVE-2020-37231

Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Cybertronsoft · Privacy Drive

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/49023no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cybertronsoft.com/https://www.cybertronsoft.com/download/privacy-drive-setup.exe https://www.exploit-db.com/exploits/49023 https://www.vulncheck.com/advisories/privacy-drive-unquoted-service-path-privilege-escalation