CVE-2020-37017Unquoted Search Path or Element in Codemeter

CWE-428Unquoted Search Path or Element4 documents4 sources
Severity
8.5HIGHNVD
EPSS
0.0%
top 96.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wibu Codemeter
Timeline
PublishedJan 29

Description

CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5wibu/codemeter6.60

🔴Vulnerability Details

2
GHSA
GHSA-9qvc-pgq6-f6qj: CodeMeter 62026-01-29
CVEList
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path2026-01-29

🕵️Threat Intelligence

1
Wiz
CVE-2020-37017 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2020-37017 — Unquoted Search Path or Element | cvebase