CVE-2020-37229

Sažetak

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.

Reference

https://www.exploit-db.com/exploits/49005
https://www.oki.com/
https://www.oki.com/mx/printing/download/sPSV_010041_2_270910.exe
https://www.vulncheck.com/advisories/oki-spsv-port-manager-unquoted-service-path-privilege-escalation

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

16-05-2026 - 16:16

Objavljeno

16-05-2026 - 16:16