Primary

Context

MegaTEC CMService Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the CMService.exe service, which operates with SYSTEM privileges and features an unquoted service path. This flaw enables a local attacker with write access to the filesystem to place a malicious executable in the service path, potentially leading to unauthorized privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing a local attacker to gain elevated rights on the system.

Remediation

Users can download the latest firmware versions addressing this vulnerability from the MegaTEC Software Download Center. Specific firmware files are available for different MegaTEC NetAgent 9 models.

Added: Nov 26, 2025, 1:18 AM

Updated: Nov 26, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MegaTEC CMService Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating