Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TotalAV 5.15.69 - Unquoted Service Path

🗓️ 22 Sep 2021 00:00:00Reported by Andrea IntilangeloType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 508 Views

TotalAV 5.15.69 Unquoted Service Path Vulnerabilit

Code
# Exploit Title: TotalAV 5.15.69 - Unquoted Service Path
# Date: 22/09/2021
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.totalav.com
# Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe
# Version: 5.15.69
# Tested on: Windows 10 Pro 20H2 and 21H1 x64

The PC Security Management Service, PC Security Management Monitoring Service, and Anti-Malware SDK Protected Service
services from TotalAV version 5.15.69 are affected by unquoted service path (CWE-428) vulnerability which may allow a
user to gain SYSTEM privileges since they all running with higher privileges. To exploit the vulnerability is possible
to place executable(s) following the path of the unquoted string.

Affected excecutables services: SecurityService, SecurityServiceMonitor, AMSProtectedService:

PC Security Management Service 			SecurityService 	C:\Program Files (x86)\TotalAV\SecurityService.exe 			Auto
PC Security Management Monitoring Service 	SecurityServiceMonitor	C:\Program Files (x86)\TotalAV\SecurityService.exe --monitor 		Auto
Anti-Malware SDK Protected Service		AMSProtectedService 	C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe 	Auto

C:\Users\user>sc qc SecurityService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SecurityService
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE 	  : 1   NORMAL
		NOME_PERCORSO_BINARIO	  : C:\Program Files(x86)\TotalAV\SecurityService.exe
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : PC Security Management Service
		DIPENDENZE		  :
		SERVICE_START_NAME : LocalSystem

C:\Users\user>sc qc SecurityServiceMonitor
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: SecurityServiceMonitor
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE	  : 1   NORMAL
		NOME_PERCORSO_BINARIO 	  : C:\Program Files(x86)\TotalAV\SecurityService.exe --monitor
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : PC Security Management Monitoring Service
		DIPENDENZE 		  :
		SERVICE_START_NAME : LocalSystem

C:\Users\user>sc qc AMSProtectedService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE

NOME_SERVIZIO: AMSProtectedService
		TIPO 			  : 10  WIN32_OWN_PROCESS
		TIPO_AVVIO 		  : 2   AUTO_START
		CONTROLLO_ERRORE	  : 1   NORMAL
		NOME_PERCORSO_BINARIO 	  : C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
		GRUPPO_ORDINE_CARICAMENTO :
		TAG 			  : 0
		NOME_VISUALIZZATO 	  : Anti-Malware SDK Protected Service
		DIPENDENZE 		  :
		SERVICE_START_NAME : LocalSystem

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Sep 2021 00:00Current
7.4High risk
Vulners AI Score7.4
totalavunquoted service pathvulnerabilitywindows 10system privilegesexecutables services
508