CVE-2020-36879
Flexsense DiskBoss Service Unquoted Service Path Vulnerability
Vexday Risk Score
21 (Low)
SSVC Decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.5 | EPSS 0.2% | KEV no | PoC — | Patch —
Lifecycle
05 Dec 2025: Published in NVD
Recommendation: Monitor; no exploitation signal for now.
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Flexsense · DiskBoss
Flexsense · DiskBoss Enterprise
Flexsense · DiskBoss Pro
Flexsense · DiskBoss Server
Flexsense · DiskBoss Ultimate