CVE-2020-37021
Unquoted Service Path in 10-Strike Bandwidth Monitor Enables Privilege Escalation
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 10-strike | bandwidth_monitor | 3.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37021 is an unquoted service path vulnerability in 10-Strike Bandwidth Monitor version 3.9. It affects multiple Windows services that run under the LocalSystem account but have executable paths containing spaces that are not enclosed in quotes. This misconfiguration allows a local attacker with limited privileges to place a malicious executable in certain file path locations. When the service starts, it may execute the malicious code with SYSTEM-level privileges, leading to privilege escalation. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to escalate their privileges from a limited user to SYSTEM level on the affected machine. This means the attacker could gain full control over the system, potentially leading to unauthorized access, modification, or destruction of data, installation of malware, or disruption of system operations. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unquoted service paths in the affected services. Specifically, look for services like 'Svc10StrikeBandMontitor', 'Svc10StrikeBMWD', and 'Svc10StrikeBMAgent' whose executable paths contain spaces but are not enclosed in quotes. On a Windows system, you can use the command: sc qc <ServiceName> to query the service configuration and inspect the BINARY_PATH_NAME for unquoted paths. For example, run 'sc qc Svc10StrikeBandMontitor' and check if the path is unquoted. If the path contains spaces and is not enclosed in quotes, the service is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service paths by enclosing the executable paths in double quotes to prevent execution of malicious executables placed in unintended locations. Alternatively, restrict local user permissions to prevent placing executables in directories that could be exploited. Applying updates or patches from the vendor, if available, is also recommended. Since the vulnerability allows local privilege escalation, limiting local user access and auditing service configurations are critical immediate steps. [1, 2]