Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path

🗓️ 05 Nov 2019 00:00:00Reported by Samuel DiazLType

exploitdb🔗 www.exploit-db.com👁 252 Views

Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path. Unquoted service path vulnerability in Network Inventory Advisor 5.0.26.0 niaservice servic

# Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
# Date: 2019-11-04
# Exploit Author: Samuel DiazL
# Vendor Homepage: https://www.network-inventory-advisor.com/
# Software Link: https://www.network-inventory-advisor.com/download.html
# Version: 5.0.26.0
# Tested on: Microsoft Windows 10 Enterprise x64 ESP
# CVE: N/A

# Description:
# Network Inventory Advisor installs niaservice as a service with an unquoted service path

C:\Users\SD502812>sc qc niaservice
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: niaservice
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 0   IGNORE
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\ClearApps\Network Inventory Advisor\niaservice.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : Network Inventory Advisor Service by ClearApps Software
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem

05 Nov 2019 00:00Current

7.4High risk

Vulners AI Score7.4

Network Inventory Advisor 5.0.26.0 - &#039;niaservice&#039; Unquoted Service Path

Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path