Common Weakness Enumeration

CWE-428

Allowed

Unquoted Search Path or Element

Abstraction: Base · Status: Draft

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

761 vulnerabilities reference this CWE, most recent first.

CVE-2024-58288 (GCVE-0-2024-58288)

Vulnerability from cvelistv5 – Published: 2025-12-11 21:33 – Updated: 2025-12-18 19:39
VLAI
Title
Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation
Summary
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
Impacted products
Date Public
2024-07-31 00:00
Credits
SamAlucard, Sam Alucard
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58288",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T19:39:23.224695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T19:39:32.649Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Genexus Protection Server",
          "vendor": "Genexus",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "SamAlucard, Sam Alucard"
        }
      ],
      "datePublic": "2024-07-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eGenexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.\u003c/p\u003e"
            }
          ],
          "value": "Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428: Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-11T21:33:58.572Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-52065",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/52065"
        },
        {
          "name": "Official Genexus Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.genexus.com/es/"
        },
        {
          "name": "Genexus Software Download Center",
          "tags": [
            "product"
          ],
          "url": "https://www.genexus.com/en/developers/downloadcenter?data=;;"
        },
        {
          "name": "VulnCheck Advisory: Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/genexus-protection-server-unquoted-service-path-privilege-escalation"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2024-58288",
    "datePublished": "2025-12-11T21:33:58.572Z",
    "dateReserved": "2025-12-10T23:46:14.009Z",
    "dateUpdated": "2025-12-18T19:39:32.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43457 (GCVE-0-2024-43457)

Vulnerability from cvelistv5 – Published: 2024-09-10 16:54 – Updated: 2024-12-31 23:03
VLAI
Title
Windows Setup and Deployment Elevation of Privilege Vulnerability
Summary
Windows Setup and Deployment Elevation of Privilege Vulnerability
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows 11 Version 24H2 Affected: 10.0.26100.0 , < 10.0.26100.1742 (custom)
Create a notification for this product.
Date Public
2024-09-10 07:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T18:16:21.797855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:28:17.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.1742",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.1742",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-09-10T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Setup and Deployment Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428: Unquoted Search Path or Element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T23:03:18.698Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Setup and Deployment Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43457"
        }
      ],
      "title": "Windows Setup and Deployment Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43457",
    "datePublished": "2024-09-10T16:54:13.203Z",
    "dateReserved": "2024-08-14T01:08:33.515Z",
    "dateUpdated": "2024-12-31T23:03:18.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36321 (GCVE-0-2024-36321)

Vulnerability from cvelistv5 – Published: 2025-05-13 17:05 – Updated: 2026-02-26 18:28
VLAI
Summary
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
AMD
Impacted products
Date Public
2025-05-13 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T03:55:42.673623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:25.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AIM-T Manageability Service",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "4.0.0.891"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.\u003cbr\u003e"
            }
          ],
          "value": "Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-13T17:05:09.839Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9015.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-36321",
    "datePublished": "2025-05-13T17:05:09.839Z",
    "dateReserved": "2024-05-23T19:44:40.301Z",
    "dateUpdated": "2026-02-26T18:28:25.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-34010 (GCVE-0-2024-34010)

Vulnerability from cvelistv5 – Published: 2024-04-29 15:48 – Updated: 2026-04-10 13:16
VLAI
Summary
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cyber Protect Cloud Agent Affected: unspecified , < 37758 (semver)
Create a notification for this product.
Acronis Acronis Cyber Protect 16 Affected: unspecified , < 38690 (semver)
Create a notification for this product.
Acronis Acronis True Image Affected: unspecified , < 42386 (semver)
Create a notification for this product.
Acronis Acronis True Image OEM Affected: unspecified , < 42575 (semver)
Create a notification for this product.
acronis cyber_protect_cloud_agent Affected: - , < build_37758 (custom)
    cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
@cyberexplorer (https://hackerone.com/cyberexplorer)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:acronis:cyber_protect_cloud_agent:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cyber_protect_cloud_agent",
            "vendor": "acronis",
            "versions": [
              {
                "lessThan": "build_37758",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T16:59:36.817995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:42:35.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SEC-7110",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect Cloud Agent",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "37758",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cyber Protect 16",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "38690",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis True Image",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42386",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis True Image OEM",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "42575",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@cyberexplorer (https://hackerone.com/cyberexplorer)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T13:16:47.709Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-7110",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-7110"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2024-34010",
    "datePublished": "2024-04-29T15:48:14.398Z",
    "dateReserved": "2024-04-29T15:33:32.845Z",
    "dateUpdated": "2026-04-10T13:16:47.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-31226 (GCVE-0-2024-31226)

Vulnerability from cvelistv5 – Published: 2024-05-16 18:12 – Updated: 2024-08-15 14:28
VLAI
Title
Sunshine's unquoted executable path could lead to hijacked execution flow
Summary
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
Impacted products
Vendor Product Version
LizardByte Sunshine Affected: >= 0.17.0, < 0.23.0
Create a notification for this product.
lizardbyte sunshine Affected: 0.17 , < 0.23 (custom)
    cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:46:04.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp"
          },
          {
            "name": "https://github.com/LizardByte/Sunshine/pull/2379",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LizardByte/Sunshine/pull/2379"
          },
          {
            "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sunshine",
            "vendor": "lizardbyte",
            "versions": [
              {
                "lessThan": "0.23",
                "status": "affected",
                "version": "0.17",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31226",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T20:37:55.439986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T14:28:39.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sunshine",
          "vendor": "LizardByte",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.17.0, \u003c 0.23.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user\u0027s computer. This attack vector isn\u0027t exploitable unless the user has manually loosened ACLs on the system drive. If the user\u0027s system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428: Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T18:12:57.081Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp"
        },
        {
          "name": "https://github.com/LizardByte/Sunshine/pull/2379",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LizardByte/Sunshine/pull/2379"
        },
        {
          "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a"
        }
      ],
      "source": {
        "advisory": "GHSA-r3rw-mx4q-7vfp",
        "discovery": "UNKNOWN"
      },
      "title": "Sunshine\u0027s unquoted executable path could lead to hijacked execution flow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-31226",
    "datePublished": "2024-05-16T18:12:57.081Z",
    "dateReserved": "2024-03-29T14:16:31.902Z",
    "dateUpdated": "2024-08-15T14:28:39.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31201 (GCVE-0-2024-31201)

Vulnerability from cvelistv5 – Published: 2024-07-31 13:17 – Updated: 2024-08-01 14:52
VLAI
Summary
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
Impacted products
Vendor Product Version
Plug&Track Thermoscan IP Affected: 20211103 (semver)
Create a notification for this product.
plug_and_track thermoscan_ip Affected: 20211103
    cpe:2.3:a:plug_and_track:thermoscan_ip:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:plug_and_track:thermoscan_ip:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thermoscan_ip",
            "vendor": "plug_and_track",
            "versions": [
              {
                "status": "affected",
                "version": "20211103"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T14:50:54.714006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T14:52:47.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Thermoscan IP",
          "vendor": "Plug\u0026Track",
          "versions": [
            {
              "status": "affected",
              "version": "20211103",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diego Zaffaroni of Nozomi Networks found this bug during a security research activity."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A \u201cCWE-428: Unquoted Search Path or Element\u201d affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\\ path to attempt a privilege escalation on the local machine."
            }
          ],
          "value": "A \u201cCWE-428: Unquoted Search Path or Element\u201d affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\\ path to attempt a privilege escalation on the local machine."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-31T13:17:30.914Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31201"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly."
            }
          ],
          "value": "No official patch available from vendor. Conduct regular and thorough reviews of logs and user accounts on systems running the Thermoscan IP software. This will help identify and address any suspicious activities early, ensuring that any potential security breaches are caught and remediated swiftly."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2024-31201",
    "datePublished": "2024-07-31T13:17:30.914Z",
    "dateReserved": "2024-03-29T08:32:14.699Z",
    "dateUpdated": "2024-08-01T14:52:47.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25552 (GCVE-0-2024-25552)

Vulnerability from cvelistv5 – Published: 2024-03-01 07:49 – Updated: 2024-08-26 18:33
VLAI
Title
Wiesemann & Theis: Multiple products prone to unquoted search path
Summary
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
References
Impacted products
Vendor Product Version
W&T Com Redirector PnP Affected: 4.42
Create a notification for this product.
W&T Com Redirector Legacy Affected: 3.93
Create a notification for this product.
W&T OPC-Server Affected: 4.88
Create a notification for this product.
wut com-redirector Affected: 4.42
    cpe:2.3:h:wut:com-redirector:*:*:*:*:*:*:*:*
Create a notification for this product.
wut opc-server Affected: 4.88
    cpe:2.3:h:wut:opc-server:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:44:09.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2024-018"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:wut:com-redirector:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "com-redirector",
            "vendor": "wut",
            "versions": [
              {
                "status": "affected",
                "version": "4.42"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:wut:opc-server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "opc-server",
            "vendor": "wut",
            "versions": [
              {
                "status": "affected",
                "version": "4.88"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25552",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T20:23:20.919936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T18:33:44.194Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Com Redirector PnP",
          "vendor": "W\u0026T",
          "versions": [
            {
              "status": "affected",
              "version": "4.42"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Com Redirector Legacy",
          "vendor": "W\u0026T",
          "versions": [
            {
              "status": "affected",
              "version": "3.93"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OPC-Server",
          "vendor": "W\u0026T",
          "versions": [
            {
              "status": "affected",
              "version": "4.88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product."
            }
          ],
          "value": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-07T08:47:40.341Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-018"
        }
      ],
      "source": {
        "advisory": "VDE-2024-018",
        "defect": [
          "CERT@VDE#64655"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Wiesemann \u0026 Theis: Multiple products prone to unquoted search path",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-25552",
    "datePublished": "2024-03-01T07:49:41.683Z",
    "dateReserved": "2024-02-07T09:21:45.248Z",
    "dateUpdated": "2024-08-26T18:33:44.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22437 (GCVE-0-2024-22437)

Vulnerability from cvelistv5 – Published: 2024-04-15 09:21 – Updated: 2024-08-01 22:43
VLAI
Title
HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege
Summary
A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
hpe
Impacted products
Date Public
2024-04-02 09:13
Credits
R Cooper of Environtec Limited
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22437",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T13:13:01.628436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T15:51:08.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbst04630en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software",
          "vendor": "Hewlett Packard Enterprise",
          "versions": [
            {
              "lessThan": "4.1.3.83",
              "status": "affected",
              "version": "N/A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "R Cooper of Environtec Limited"
        }
      ],
      "datePublic": "2024-04-02T09:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nA potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T09:21:40.627Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US\u0026docId=hpesbst04630en_us"
        }
      ],
      "source": {
        "advisory": "HPESBST04630",
        "discovery": "UNKNOWN"
      },
      "title": "HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2024-22437",
    "datePublished": "2024-04-15T09:21:40.627Z",
    "dateReserved": "2024-01-10T15:24:39.966Z",
    "dateUpdated": "2024-08-01T22:43:34.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9325 (GCVE-0-2024-9325)

Vulnerability from cvelistv5 – Published: 2024-09-29 07:31 – Updated: 2024-11-04 19:13
VLAI
Title
Intelbras InControl incontrol-service-watchdog.exe unquoted search path
Summary
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Intelbras InControl Affected: 2.21.0
Affected: 2.21.1
Affected: 2.21.2
Affected: 2.21.3
Affected: 2.21.4
Affected: 2.21.5
Affected: 2.21.6
Affected: 2.21.7
Affected: 2.21.8
Affected: 2.21.9
Affected: 2.21.10
Affected: 2.21.11
Affected: 2.21.12
Affected: 2.21.13
Affected: 2.21.14
Affected: 2.21.15
Affected: 2.21.16
Affected: 2.21.17
Affected: 2.21.18
Affected: 2.21.19
Affected: 2.21.20
Affected: 2.21.21
Affected: 2.21.22
Affected: 2.21.23
Affected: 2.21.24
Affected: 2.21.25
Affected: 2.21.26
Affected: 2.21.27
Affected: 2.21.28
Affected: 2.21.29
Affected: 2.21.30
Affected: 2.21.31
Affected: 2.21.32
Affected: 2.21.33
Affected: 2.21.34
Affected: 2.21.35
Affected: 2.21.36
Affected: 2.21.37
Affected: 2.21.38
Affected: 2.21.39
Affected: 2.21.40
Affected: 2.21.41
Affected: 2.21.42
Affected: 2.21.43
Affected: 2.21.44
Affected: 2.21.45
Affected: 2.21.46
Affected: 2.21.47
Affected: 2.21.48
Affected: 2.21.49
Affected: 2.21.50
Affected: 2.21.51
Affected: 2.21.52
Affected: 2.21.53
Affected: 2.21.54
Affected: 2.21.55
Affected: 2.21.56
Create a notification for this product.
intelbras incontrol Affected: 0 , ≤ 2.21.56 (custom)
    cpe:2.3:a:intelbras:incontrol:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
j369 (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intelbras:incontrol:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "incontrol",
            "vendor": "intelbras",
            "versions": [
              {
                "lessThanOrEqual": "2.21.56",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T19:34:40.235187Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T19:37:52.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InControl",
          "vendor": "Intelbras",
          "versions": [
            {
              "status": "affected",
              "version": "2.21.0"
            },
            {
              "status": "affected",
              "version": "2.21.1"
            },
            {
              "status": "affected",
              "version": "2.21.2"
            },
            {
              "status": "affected",
              "version": "2.21.3"
            },
            {
              "status": "affected",
              "version": "2.21.4"
            },
            {
              "status": "affected",
              "version": "2.21.5"
            },
            {
              "status": "affected",
              "version": "2.21.6"
            },
            {
              "status": "affected",
              "version": "2.21.7"
            },
            {
              "status": "affected",
              "version": "2.21.8"
            },
            {
              "status": "affected",
              "version": "2.21.9"
            },
            {
              "status": "affected",
              "version": "2.21.10"
            },
            {
              "status": "affected",
              "version": "2.21.11"
            },
            {
              "status": "affected",
              "version": "2.21.12"
            },
            {
              "status": "affected",
              "version": "2.21.13"
            },
            {
              "status": "affected",
              "version": "2.21.14"
            },
            {
              "status": "affected",
              "version": "2.21.15"
            },
            {
              "status": "affected",
              "version": "2.21.16"
            },
            {
              "status": "affected",
              "version": "2.21.17"
            },
            {
              "status": "affected",
              "version": "2.21.18"
            },
            {
              "status": "affected",
              "version": "2.21.19"
            },
            {
              "status": "affected",
              "version": "2.21.20"
            },
            {
              "status": "affected",
              "version": "2.21.21"
            },
            {
              "status": "affected",
              "version": "2.21.22"
            },
            {
              "status": "affected",
              "version": "2.21.23"
            },
            {
              "status": "affected",
              "version": "2.21.24"
            },
            {
              "status": "affected",
              "version": "2.21.25"
            },
            {
              "status": "affected",
              "version": "2.21.26"
            },
            {
              "status": "affected",
              "version": "2.21.27"
            },
            {
              "status": "affected",
              "version": "2.21.28"
            },
            {
              "status": "affected",
              "version": "2.21.29"
            },
            {
              "status": "affected",
              "version": "2.21.30"
            },
            {
              "status": "affected",
              "version": "2.21.31"
            },
            {
              "status": "affected",
              "version": "2.21.32"
            },
            {
              "status": "affected",
              "version": "2.21.33"
            },
            {
              "status": "affected",
              "version": "2.21.34"
            },
            {
              "status": "affected",
              "version": "2.21.35"
            },
            {
              "status": "affected",
              "version": "2.21.36"
            },
            {
              "status": "affected",
              "version": "2.21.37"
            },
            {
              "status": "affected",
              "version": "2.21.38"
            },
            {
              "status": "affected",
              "version": "2.21.39"
            },
            {
              "status": "affected",
              "version": "2.21.40"
            },
            {
              "status": "affected",
              "version": "2.21.41"
            },
            {
              "status": "affected",
              "version": "2.21.42"
            },
            {
              "status": "affected",
              "version": "2.21.43"
            },
            {
              "status": "affected",
              "version": "2.21.44"
            },
            {
              "status": "affected",
              "version": "2.21.45"
            },
            {
              "status": "affected",
              "version": "2.21.46"
            },
            {
              "status": "affected",
              "version": "2.21.47"
            },
            {
              "status": "affected",
              "version": "2.21.48"
            },
            {
              "status": "affected",
              "version": "2.21.49"
            },
            {
              "status": "affected",
              "version": "2.21.50"
            },
            {
              "status": "affected",
              "version": "2.21.51"
            },
            {
              "status": "affected",
              "version": "2.21.52"
            },
            {
              "status": "affected",
              "version": "2.21.53"
            },
            {
              "status": "affected",
              "version": "2.21.54"
            },
            {
              "status": "affected",
              "version": "2.21.55"
            },
            {
              "status": "affected",
              "version": "2.21.56"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "j369 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\\Program Files (x86)\\Intelbras\\Incontrol Cliente\\incontrol_webcam\\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Intelbras InControl bis 2.21.56 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei C:\\Program Files (x86)\\Intelbras\\Incontrol Cliente\\incontrol_webcam\\incontrol-service-watchdog.exe. Dank Manipulation mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Ein Aktualisieren auf die Version 2.21.58 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T19:13:10.172Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-278829 | Intelbras InControl incontrol-service-watchdog.exe unquoted search path",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.278829"
        },
        {
          "name": "VDB-278829 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.278829"
        },
        {
          "name": "Submit #385397 | Intelbras InControl 2.21.56 Unquoted Search Path",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.385397"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-09-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-11-04T20:17:01.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Intelbras InControl incontrol-service-watchdog.exe unquoted search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-9325",
    "datePublished": "2024-09-29T07:31:04.316Z",
    "dateReserved": "2024-09-28T13:30:20.245Z",
    "dateUpdated": "2024-11-04T19:13:10.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9287 (GCVE-0-2024-9287)

Vulnerability from cvelistv5 – Published: 2024-10-22 16:34 – Updated: 2025-11-03 22:33
VLAI
Title
Virtual environment (venv) activation scripts don't quote paths
Summary
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-428 - Unquoted Search Path or Element
Assigner
PSF
Impacted products
Vendor Product Version
Python Software Foundation CPython Affected: 0 , < 3.9.21 (python)
Affected: 3.10.0 , < 3.10.16 (python)
Affected: 3.11.0 , < 3.11.11 (python)
Affected: 3.12.0 , < 3.12.8 (python)
Affected: 3.13.0 , < 3.13.1 (python)
Affected: 3.14.0a1 , < 3.14.0a2 (python)
Create a notification for this product.
python cpython Affected: 0 , ≤ 3.13.0 (python)
    cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThanOrEqual": "3.13.0",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T03:55:30.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:33:21.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0006/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "venv"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.21",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.16",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.11",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.8",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.1",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0a2",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "CWE-428 Unquoted Search Path or Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-31T19:55:27.648Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/124651"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/124712"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Virtual environment (venv) activation scripts don\u0027t quote paths",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-9287",
    "datePublished": "2024-10-22T16:34:39.210Z",
    "dateReserved": "2024-09-27T14:48:44.181Z",
    "dateUpdated": "2025-11-03T22:33:21.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Properly quote the full search path before executing a program on the system.

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.