CVE-2020-36958
Unquoted Service Path in KiteService Allows Local Code Execution
Publication date: 2026-01-26
Last updated on: 2026-01-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | kite | 1.2020.1119.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the KiteService Windows service of Kite version 1.2020.1119.0. Because the service executable path 'C:\Program Files\Kite\KiteService.exe' is not enclosed in quotes, a local attacker can exploit this by placing malicious executables in certain locations within the path. When the system tries to start the service, it may execute the malicious code instead of the legitimate service executable, allowing the attacker to run arbitrary code with elevated privileges. [1, 3]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code on the affected system with elevated privileges by exploiting the unquoted service path. This means the attacker can escalate their privileges, potentially gaining control over the system, compromising confidentiality, integrity, and availability of data and system resources. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically for the 'KiteService'. Commands such as Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) can be used to identify services with unquoted paths that start automatically and are not located in the Windows directory. For example, using 'wmic service get name,pathname,startmode' to list services and their paths, and 'sc qc KiteService' to query the configuration of the KiteService can help detect the unquoted path issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the service executable path in quotes to prevent path hijacking. For the KiteService, the path 'C:\Program Files\Kite\KiteService.exe' should be updated to '"C:\Program Files\Kite\KiteService.exe"'. Additionally, restricting local user permissions to prevent unauthorized placement of executables in the service path directories can reduce risk. If possible, disabling or uninstalling the vulnerable KiteService until a patched version is available is recommended. [1, 3]