Home

Description

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-15 | Updated 2026-03-16 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

1.8.0.0 PRO
affected

1.7.1
affected

1.7.0
affected

1.6.1
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php (Zero Science Lab Disclosure) third-party-advisory

blogs.securiteam.com/index.php/archives/3094 (SecuriTeam Blogs) third-party-advisory

www.exploit-db.com/exploits/41959/ (Exploit-DB) exploit

packetstormsecurity.com/files/142384 (Packet Storm Security) exploit

cxsecurity.com/issue/WLB-2017050019 (CXSecurity) third-party-advisory

exchange.xforce.ibmcloud.com/vulnerabilities/125644 (IBM X-Force Exchange) vdb-entry

www.vulncheck.com/...-privilege-escalation-via-unquoted-path (VulnCheck Advisory: Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path) third-party-advisory

cve.org (CVE-2017-20218)

nvd.nist.gov (CVE-2017-20218)

Download JSON