{"id":8773,"date":"2025-07-23T03:34:34","date_gmt":"2025-07-23T03:34:34","guid":{"rendered":"http:\/\/localhost\/?p=8773"},"modified":"2025-07-23T03:34:34","modified_gmt":"2025-07-23T03:34:34","slug":"windows-service-registered-with-an-unquoted-imagepath-vulnerability-in-the-system-registry","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8773","title":{"rendered":"Windows service registered with an unquoted ImagePath vulnerability in the system registry"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nWindows service registered with an unquoted ImagePath vulnerability in the system registry<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-23T07:26:03.531Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-23T07:27:30.090Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nASUSTOR<\/td>\n<\/tr>\n
Product<\/th>\nABP and AES<\/td>\n<\/tr>\n
Version<\/th>\nABP 2.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n9.2 (CRITICAL)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:L\/SC:H\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA vulnerability in the Windows service configuration of ABP and AES allows local attackers to execute arbitrary code via an unquoted ImagePath registry value. This could lead to privilege escalation to SYSTEM level if the service runs with elevated privileges.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nASUSTOR<\/td>\n<\/tr>\n
AI Product<\/th>\nABP and AES<\/td>\n<\/tr>\n
AI Version<\/th>\nABP 2.0.7.6130 and earlier, AES 1.0.6.6133 and earlier<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n