CVE-2020-37017
Unknown Unknown - Not Provided
Unquoted Service Path in CodeMeter 6.60 Enables Privilege Escalation

Publication date: 2026-01-29

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37017
EUVD
EUVD-2020-30921
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wibu-systems codemeter 6.60
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37017 is an unquoted service path vulnerability in CodeMeter version 6.60. The CodeMeter Runtime Server service executable path contains spaces but is not enclosed in quotes, which allows a local attacker to place a malicious executable in a directory along the path. When the service starts, this malicious code can be executed with elevated LocalSystem privileges, enabling arbitrary code execution with high system access. [1, 3]

Impact Analysis

This vulnerability can lead to local privilege escalation, allowing an attacker with local access to execute arbitrary code with SYSTEM-level privileges. This can compromise the confidentiality, integrity, and availability of the affected system, potentially leading to full system compromise or unauthorized control over software licensing and related services managed by CodeMeter. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the CodeMeter Runtime Server service executable path. Specifically, you can query Windows Management Instrumentation (WMI) to identify services with auto-start mode and unquoted paths that contain spaces, excluding system directories. For example, using PowerShell, you can run commands to list services with unquoted paths such as: Get-WmiObject win32_service | Where-Object { $_.PathName -like '* *' -and $_.PathName -notlike '"*"*' } | Select-Object Name, PathName. Then, verify if the CodeMeter Runtime Server service executable path is unquoted (e.g., C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe). This detection helps identify if the service is vulnerable to path injection attacks. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent malicious code injection. Specifically, update the service configuration to quote the path to CodeMeter.exe, for example: "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe". Additionally, restrict write permissions on directories in the service path to prevent unauthorized users from placing malicious executables. If possible, update CodeMeter Runtime software to a version where this vulnerability is fixed or apply vendor-provided patches. As a temporary measure, consider disabling or stopping the CodeMeter Runtime Server service if it is not critical to operations until the issue is resolved. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37017. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart