Vulners
Lucene search
TotalAV 5.15.69 Unquoted Service Path
🗓️ 22 Sep 2021 00:00:00Reported by Andrea IntilangeloType 
packetstorm🔗 packetstormsecurity.com👁 187 Views
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | TotalAV 5.15.69 - Unquoted Service Path Vulnerability | 22 Sep 202100:00 | – | zdt |
 | 编号撤回 | 22 Sep 202100:00 | – | cnnvd |
 | CVE-2021-35313 | 24 Sep 202117:21 | – | cve |
 | CVE-2021-35313 | 24 Sep 202117:21 | – | cvelist |
 | CVE-2021-35313 | 24 Sep 202118:15 | – | nvd |
`# Exploit Title: TotalAV - Unquoted Service Path
# Date: 2021-09-22
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://www.totalav.com
# Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe
# Version: 5.15.69
# Tested on: Windows 10 Pro 20H2 and 21H1 x64
# CVE: CVE-2021-35313
The PC Security Management Service, PC Security Management Monitoring Service, and Anti-Malware SDK Protected Service
services from TotalAV version 5.15.69 are affected by unquoted service path (CWE-428) vulnerability which may allow a
user to gain SYSTEM privileges since they all running with higher privileges. To exploit the vulnerability is possible
to place executable(s) following the path of the unquoted string.
Affected excecutables services: SecurityService, SecurityServiceMonitor, AMSProtectedService:
PC Security Management Service SecurityService C:\Program Files (x86)\TotalAV\SecurityService.exe Auto
PC Security Management Monitoring Service SecurityServiceMonitor C:\Program Files (x86)\TotalAV\SecurityService.exe --monitor Auto
Anti-Malware SDK Protected Service AMSProtectedService C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe Auto
C:\Users\user>sc qc SecurityService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: SecurityService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files(x86)\TotalAV\SecurityService.exe
GRUPPO_ORDINE_CARICAMENTO :
TAG : 0
NOME_VISUALIZZATO : PC Security Management Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem
C:\Users\user>sc qc SecurityServiceMonitor
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: SecurityServiceMonitor
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files(x86)\TotalAV\SecurityService.exe --monitor
GRUPPO_ORDINE_CARICAMENTO :
TAG : 0
NOME_VISUALIZZATO : PC Security Management Monitoring Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem
C:\Users\user>sc qc AMSProtectedService
[SC] QueryServiceConfig OPERAZIONI RIUSCITE
NOME_SERVIZIO: AMSProtectedService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_AVVIO : 2 AUTO_START
CONTROLLO_ERRORE : 1 NORMAL
NOME_PERCORSO_BINARIO : C:\Program Files (x86)\TotalAV\savapi\elam_ppl\amsprotectedservice.exe
GRUPPO_ORDINE_CARICAMENTO :
TAG : 0
NOME_VISUALIZZATO : Anti-Malware SDK Protected Service
DIPENDENZE :
SERVICE_START_NAME : LocalSystem
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Sep 2021 00:00Current
0.1Low risk
Vulners AI Score0.1