Genexus Protection Server Unquoted Service Path Privilege Escalation Vulnerability

A vulnerability exists in Genexus Protection Server version 9.7.2.10, specifically within the 'protsrvservice' Windows service. The issue arises from an unquoted service path, which can be exploited by attackers to execute arbitrary code with elevated LocalSystem privileges. This is achieved by placing malicious executables in certain locations of the file system.

Impact

Exploitation of this vulnerability allows for unauthorized execution of code with high privileges, potentially leading to a full system compromise.

Reproduction

The vulnerability can be reproduced by first confirming the unquoted service path of the 'protsrvservice' using the 'sc qc' command. This will reveal the binary path, which is vulnerable to exploitation. Malicious executables can then be placed in specific locations to be executed by the service with elevated privileges.