← voltar
CVE-2020-36879

Flexsense DiskBoss Service Unquoted Service Path Vulnerability

CVSS 8.5 HIGHEPSS 0.2%CWE-428
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.5EPSS 0.2%KEV nãoPoC Patch
Ciclo de vida
05 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Flexsense · DiskBossFlexsense · DiskBoss EnterpriseFlexsense · DiskBoss ProFlexsense · DiskBoss ServerFlexsense · DiskBoss Ultimate

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.diskboss.com/https://www.diskboss.com/downloads.htmlhttps://www.exploit-db.com/exploits/49022https://www.vulncheck.com/advisories/flexsense-diskboss-service-unquoted-service-path-vulnerability