CVE-2022-50688
Unquoted Service Path in Cobian Backup Enables Privilege Escalation
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cobian_backup | cobian_backup | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50688 is an unquoted service path vulnerability in Cobian Backup Gravity version 11.2.0.582. Because the service path for the CobianBackup11 Windows service is not enclosed in quotes, a local attacker can place a malicious executable in a directory path that the system might misinterpret during service startup. When the service starts, this malicious code executes with LocalSystem privileges, allowing the attacker to escalate their privileges and run arbitrary code on the system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code with elevated system privileges (LocalSystem) on a machine running Cobian Backup Gravity 11.2.0.582. This means the attacker could gain full control over the affected system, potentially leading to unauthorized access, data manipulation, or disruption of system operations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect the vulnerability by checking if the CobianBackup11 service executable path is unquoted. Specifically, verify the service path for the CobianBackup11 service to see if it is missing quotes around the path "C:\Program Files (x86)\Cobian Backup 11\cbService.exe". On a Windows system, you can use the command: sc qc CobianBackup11 and inspect the BINARY_PATH_NAME field for unquoted paths. If the path is unquoted and contains spaces, the system is vulnerable to this issue. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the service path by enclosing it in quotes to prevent the system from misinterpreting the path. This can be done by modifying the service configuration to quote the executable path. Alternatively, ensure that no malicious executables exist in any directory segments of the service path. Restrict local user permissions to prevent placing executables in these directories. Additionally, consider updating or patching the Cobian Backup Gravity software if an official fix is available. [1, 2]