Argus Surveillance DVR Unquoted Service Path Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Argus Surveillance DVR version 4.0. The DVRWatchdog service is registered with an unquoted service binary path, which a local attacker can abuse: a malicious executable placed in the Program Files directory is executed with LocalSystem privileges when the service starts.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, with malicious executables being executed as the LocalSystem user.

Reproduction

To reproduce this vulnerability, first ensure that the 'Start as service on Windows Startup' option is enabled in the Program Options. Once this is set, place a malicious executable in the Program Files directory where Argus Surveillance DVR is installed. The executable will be executed with LocalSystem privileges when the DVRWatchdog service starts.
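A defender can check for the condition described above with a short audit script. The following is an added example, not code from the vendor or from the original advisory; the function name `Test-UnquotedServicePath`, the sample service names and the sample install paths are hypothetical placeholders.

```powershell
# Added example (not vendor code): flag service ImagePath values that are
# unquoted and contain spaces, and list the paths Windows tries before the real one.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $path = $PathName.Trim()
    if ($path.StartsWith('"')) { return }            # quoted: unambiguous

    # Executable portion = text up to the first ".exe" followed by a space or end.
    $m = [regex]::Match($path, '^(.+?\.exe)(?=\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups[1].Value
    if ($exe -notmatch ' ') { return }               # no space: unambiguous

    # CreateProcess splits an unquoted command line at each space and tries
    # "<prefix>.exe" in turn, so every prefix is a path worth checking.
    $candidates = @()
    for ($i = 0; $i -lt $exe.Length; $i++) {
        if ($exe[$i] -eq ' ') { $candidates += $exe.Substring(0, $i) + '.exe' }
    }

    [pscustomobject]@{
        Service    = $Name
        ImagePath  = $path
        Candidates = $candidates
        OnDisk     = @($candidates | Where-Object { Test-Path -LiteralPath $_ })
        QuotedFix  = '"' + $exe + '"' + $path.Substring($exe.Length)
    }
}

# Constructed sample rows; the install paths are placeholders, not the product's real path.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleWatchdog'; PathName = 'C:\Program Files\Example Vendor\Example DVR\watchdog.exe -service' }
    [pscustomobject]@{ Name = 'ExampleQuoted';   PathName = '"C:\Program Files\Example Vendor\agent.exe" -run' }
)
$sample | ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName } | Format-List

# On a live host, feed real services instead:
# Get-CimInstance Win32_Service | Where-Object PathName |
#     ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName }
```

Any path reported in `OnDisk` is a file sitting where the service could load it instead of its real binary and should be investigated. Writing the `QuotedFix` value to the service's `ImagePath` registry value removes the ambiguity.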

Added: May 10, 2026, 1:33 PM
Updated: May 10, 2026, 1:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 7.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.