Wise Care 365 Unquoted Service Path Vulnerability in WiseBootAssistant

A unquoted service path vulnerability has been identified in Wise Care 365 version 5.6.7.568, specifically within the WiseBootAssistant service, which operates with LocalSystem privileges. This vulnerability allows attackers to place a malicious executable in the service path, which would then be executed with elevated system rights when the service is restarted.

Impact

Exploitation of this vulnerability allows for unauthorized execution of code with elevated privileges, potentially leading to full system compromise.

Reproduction

The vulnerability can be reproduced by inserting a malicious executable into the unquoted service path of the WiseBootAssistant service. This can be done by first identifying the service path using the Windows Management Instrumentation Command-line (WMIC) tool. Once the service path is known, the malicious executable can be placed in that location. When the service or system is restarted, the malicious executable will run with elevated privileges.