CVE-2020-36930
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2020-36930, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-16

Last updated on: 2026-02-09

Assigner: VulnCheck

Description

SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-16
Last Modified
2026-02-09
Generated
2026-07-07
AI Q&A
2026-01-16
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
flexense sysgauge 7.9.18

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the SysGauge Server service configuration. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to query services with automatic start modes and identify unquoted paths. For example, use the command: wmic service get name,pathname,startmode | findstr /i "SysGauge" to find the service path, and then check if the path is unquoted. Additionally, use sc qc "SysGauge Server" to query the service configuration and verify if the binary path is unquoted. [1]

Executive Summary

This vulnerability is an unquoted service path issue in SysGauge Server version 7.9.18. The executable path for the service is not enclosed in quotes, which allows local attackers to place malicious executables in certain path segments. When the service starts, the system might execute the malicious executable instead of the intended one, enabling the attacker to run arbitrary code and escalate their privileges on the system. [1, 2]

Impact Analysis

If exploited, this vulnerability can allow a local attacker with limited privileges to execute arbitrary code with higher privileges. This can lead to privilege escalation, compromising the confidentiality, integrity, and availability of the affected system. The attacker could gain unauthorized access, modify system files, or disrupt system operations. [1, 2]

Mitigation Strategies

To mitigate this vulnerability immediately, you should quote the service binary path in the SysGauge Server service configuration to prevent the system from misinterpreting the path and executing malicious executables. Alternatively, ensure that no malicious executables exist in any of the path segments that could be exploited. Applying the latest patches or updates from the vendor, if available, is also recommended to fix the unquoted service path issue. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36930. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart