Executive Summary

This vulnerability is an unquoted service path issue in the WiseBootAssistant service of Wise Care 365 version 5.6.7.568. Because the service path is not enclosed in quotes, an attacker with limited local privileges can place a malicious executable in the service path directories. When the service restarts, this malicious executable runs with elevated LocalSystem privileges, allowing the attacker to escalate their privileges on the system. [2, 3]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow an attacker with limited local access to execute malicious code with elevated system privileges (LocalSystem). This means the attacker can gain full control over the affected system, potentially installing malware, stealing data, or disrupting system operations. [2, 3]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by querying the service configuration to check for unquoted service paths. Commands such as 'wmic service where name="WiseBootAssistant" get PathName' and 'sc qc WiseBootAssistant' can be used to view the service executable path. If the path is not enclosed in quotes and contains spaces, it indicates the presence of the unquoted service path vulnerability. [3]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include correcting the service path by enclosing it in quotes to prevent execution of malicious executables placed in the service path. Additionally, restricting write permissions to the directories in the service path to prevent attackers from placing malicious executables can help mitigate the risk. Restarting the service after applying these changes ensures the fix takes effect. [2, 3]

Useful 0 Not Useful 0