Deep Instinct Windows Agent Unquoted Service Path Vulnerability Allowing Elevated Privilege Code Execution
Vulnerability
A vulnerability exists in the Deep Instinct Windows Agent version 1.2.24.0, specifically within the DeepNetworkService. This vulnerability is an unquoted service path issue that enables local users to execute code with elevated privileges. The unquoted path in 'C:\Program Files\HP Sure Sense\DeepNetworkService.exe' can be exploited to inject malicious code that executes with LocalSystem permissions when the service starts.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, allowing a local user to execute malicious actions or commands as the LocalSystem user.
Reproduction
The vulnerability can be reproduced by taking advantage of the unquoted service path in the DeepNetworkService. A local user can inject malicious code into the system root path, where it can be executed during the application startup or system reboot. The injected code will run with the same elevated privileges as the DeepNetworkService.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.