ITeC ITeCProteccioAppServer Unquoted Service Path Privilege Escalation Vulnerability

A vulnerability exists in the ITeC ITeCProteccioAppServer due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated system privileges. By placing a malicious executable in the service path, attackers can gain elevated access when the service is restarted or the system is rebooted.

Impact

Exploitation of this vulnerability allows for unauthorized code execution with elevated privileges on the system.

Reproduction

To reproduce this vulnerability, a local attacker must insert a malicious executable into the unquoted service path of the ITeCProteccioAppServer. This can be done by placing the executable in a location that the service will access. Once the executable is in place, the service can be restarted or the system can be rebooted, at which point the malicious code will be executed with elevated privileges.