CVE-2020-36927
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flexense | diskpulse | 13.6.14 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by exploiting the unquoted service path. This can lead to privilege escalation, compromising system security, potentially allowing the attacker to take full control of the affected system, modify or delete critical files, and disrupt normal operations. [1, 3]
Can you explain this vulnerability to me?
CVE-2020-36927 is an unquoted service path vulnerability in DiskPulse Enterprise version 13.6.14 on Windows. The service executable path contains spaces but is not enclosed in quotation marks, allowing local attackers with limited privileges to place malicious executables in the path. When the service starts, Windows may execute the malicious code instead of the intended executable, enabling arbitrary code execution and privilege escalation. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service paths in the Windows service configuration, specifically for DiskPulse services. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (SC) commands to list services with auto-start enabled and query their binary paths. For example, use the command: `wmic service where startmode='auto' get name,pathname,startmode | findstr /i diskpls` to find the DiskPulse service path. Then check if the path is unquoted and contains spaces, such as `C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe`. Additionally, use `sc qc <service_name>` to query the service configuration and verify the binary path. Unquoted paths indicate vulnerability to this issue. [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should quote the service executable path in the Windows service configuration to prevent the system from misinterpreting the path and executing malicious code. Specifically, update the service path for DiskPulse Enterprise to enclose the entire executable path in double quotes, for example: `"C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe"`. Alternatively, restrict local user permissions to prevent placing malicious executables in the directories referenced by the service path. Applying the latest patches or updates from the vendor, if available, is also recommended. [1, 3]