VX Search Unquoted Service Path Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in VX Search version 13.5.28, affecting both the VX Search Server and VX Search Enterprise services. The issue arises from an unquoted service path, which allows local attackers to execute arbitrary code with LocalSystem privileges. Exploitation involves placing malicious executables in directories associated with the unquoted paths, such as 'C:\Program Files\VX Search', and waiting for the services to restart.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling local attackers to execute arbitrary code with LocalSystem rights.

Reproduction

The vulnerability can be reproduced by placing a malicious executable in the unquoted service path directory, such as 'C:\Program Files\VX Search'. After placing the executable, restarting the VX Search Server or VX Search Enterprise services will trigger the execution of the malicious code with LocalSystem privileges.
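A defender's check for the condition described above, as an added example that is not part of the advisory or the vendor's code: it flags services whose binary path contains spaces but is not quoted, and shows the quoted form. The function name `Get-UnquotedPathFinding` and the sample service entries are constructed for illustration.

```powershell
# Added example (not from the advisory). Flags Windows services whose binary
# path contains a space but is not wrapped in quotes, and proposes the quoted form.
function Get-UnquotedPathFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$PathName
    )
    if ([string]::IsNullOrWhiteSpace($PathName)) { return }
    $path = $PathName.Trim()
    if ($path.StartsWith('"')) { return }      # already quoted, nothing to report

    # Separate the executable from its arguments at the first ".exe" that is
    # followed by whitespace or the end of the string. Paths without ".exe"
    # (for example kernel drivers) are skipped.
    $m = [regex]::Match($path, '^(?<exe>.+?\.exe)(?<args>\s.*)?$', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups['exe'].Value
    if (-not $exe.Contains(' ')) { return }    # no space, so no ambiguity

    [pscustomobject]@{
        Service   = $Name
        Current   = $path
        Suggested = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
    }
}

# Constructed sample entries (hypothetical names and paths) so the logic can be
# exercised on any machine.
$samples = @(
    @{ Name = 'ExampleQuoted';   PathName = '"C:\Program Files\Example App\svc.exe" --run' }
    @{ Name = 'ExampleUnquoted'; PathName = 'C:\Program Files\Example App\svc.exe --run' }
    @{ Name = 'ExampleNoSpace';  PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
$samples | ForEach-Object {
    Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName
} | Format-List

# On a Windows host, run the same check against the installed services.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        Get-UnquotedPathFinding -Name $_.Name -PathName $_.PathName
    } | Format-List
}
```

Only `ExampleUnquoted` is reported from the samples. For a real finding, the `Suggested` value is the form the service's configured binary path should take.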

Added: May 16, 2026, 4:23 PM
Updated: May 16, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 0.0
relevance: 8.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.