CVE-2024-58288

Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.

CVSS

No CVSS.

References

Link	Resource
https://www.exploit-db.com/exploits/52065
https://www.genexus.com/en/developers/downloadcenter?data=;;
https://www.genexus.com/es/
https://www.vulncheck.com/advisories/genexus-protection-server-unquoted-service-path-privilege-escalation

Configurations

No configuration.

History

11 Dec 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-11 22:15

Updated : 2025-12-12 15:17

NVD link : CVE-2024-58288

Mitre link : CVE-2024-58288

CVE.ORG link : CVE-2024-58288

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2024-58288", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-11T22:15:49.373", "references": [{"url": "https://www.exploit-db.com/exploits/52065", "source": "disclosure@vulncheck.com"}, {"url": "https://www.genexus.com/en/developers/downloadcenter?data=;;", "source": "disclosure@vulncheck.com"}, {"url": "https://www.genexus.com/es/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/genexus-protection-server-unquoted-service-path-privilege-escalation", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations."}], "lastModified": "2025-12-12T15:17:31.973", "sourceIdentifier": "disclosure@vulncheck.com"}

CVE-2024-58288

JSON object

Attach tags to CVE-2024-58288

Attach tags to `CVE-2024-58288`