CVE-2020-37232 | THREATINT

Description

Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-16 | Updated 2026-05-18 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

13.0.0.157

affected

Credits

Jair Amezcua finder

References

www.exploit-db.com/exploits/49049 (ExploitDB-49049) exploit

www.iobit.com (Official Product Homepage) product

www.iobit.com/es/advancedsystemcarepro.php (Product Reference) product

www.vulncheck.com/...uoted-service-path-privilege-escalation (VulnCheck Advisory: Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation) third-party-advisory

cve.org (CVE-2020-37232)

nvd.nist.gov (CVE-2020-37232)

Download JSON