Vulners
Lucene search
IOTransfer 4 Unquoted Service Path
🗓️ 11 Nov 2022 00:00:00Reported by BLAY ABU SAFIANType 
packetstorm🔗 packetstormsecurity.com👁 295 Views
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | IOTransfer V4 - Unquoted Service Path Vulnerability | 11 Nov 202200:00 | – | zdt |
 | CVE-2022-37197 | 19 Nov 202200:29 | – | circl |
 | IOBit IOTransfer 代码问题漏洞 | 11 Nov 202200:00 | – | cnnvd |
 | CVE-2022-37197 | 18 Nov 202200:00 | – | cve |
 | CVE-2022-37197 | 18 Nov 202200:00 | – | cvelist |
 | IOTransfer V4 - Unquoted Service Path | 11 Nov 202200:00 | – | exploitdb |
 | EUVD-2022-39849 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-37197 | 18 Nov 202221:15 | – | nvd |
 | CVE-2022-37197 | 18 Nov 202221:15 | – | osv |
 | Path traversal | 18 Nov 202221:15 | – | prion |
10
`# Exploit Title: IOTransfer V4 - Unquoted Service Path
# Exploit Author: BLAY ABU SAFIAN (Inveteck Global)
# Discovery Date: 2022-28-07
# Vendor Homepage: http://www.iobit.com/en/index.php
# Software Link: https://iotransfer.itopvpn.com/download/
# Tested Version: V4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Microsoft Windows Server 2019 Standard Evaluation CVE-2022-37197
# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
IOTransfer Updater IOTUpdaterSvc C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
Auto
C:\>sc qc IOTUpdaterSvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: IOTUpdaterSvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\IOTransfer\Updater\IOTUpdater.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IOTransfer Updater
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
C:\>systeminfo
OS Name: Microsoft Windows Server 2019 Standard Evaluation
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Nov 2022 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.00531