Description
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
Problem types
Unquoted Search Path or Element
Product status
Credits
Joey Lane
References
www.exploit-db.com/exploits/40582 (ExploitDB-40582)
www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation)