CVE-2017-20218

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050019
https://exchange.xforce.ibmcloud.com/vulnerabilities/125644
https://packetstormsecurity.com/files/142384
https://www.exploit-db.com/exploits/41959/
https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) Serviio PRO 1.8 contiene una vulnerabilidad de ruta de búsqueda sin comillas en el servicio de Windows que permite a usuarios locales ejecutar código arbitrario con privilegios elevados al colocar ejecutables maliciosos en la ruta raíz del sistema. Además, permisos de directorio incorrectos con acceso total para el grupo Usuarios permiten a usuarios autenticados reemplazar el archivo ejecutable con binarios arbitrarios, lo que permite la escalada de privilegios durante el inicio del servicio o el reinicio del sistema.

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-04-15 14:56

NVD link : CVE-2017-20218

Mitre link : CVE-2017-20218

CVE.ORG link : CVE-2017-20218

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2017-20218", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:51.317", "references": [{"url": "https://blogs.securiteam.com/index.php/archives/3094", "source": "disclosure@vulncheck.com"}, {"url": "https://cxsecurity.com/issue/WLB-2017050019", "source": "disclosure@vulncheck.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125644", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/142384", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/41959/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot."}, {"lang": "es", "value": "Serviio PRO 1.8 contiene una vulnerabilidad de ruta de b\u00fasqueda sin comillas en el servicio de Windows que permite a usuarios locales ejecutar c\u00f3digo arbitrario con privilegios elevados al colocar ejecutables maliciosos en la ruta ra\u00edz del sistema. Adem\u00e1s, permisos de directorio incorrectos con acceso total para el grupo Usuarios permiten a usuarios autenticados reemplazar el archivo ejecutable con binarios arbitrarios, lo que permite la escalada de privilegios durante el inicio del servicio o el reinicio del sistema."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}