CVE-2022-50923
Unquoted Service Path in CobianReflectorService Enables Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-03-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cobiansoft | cobian_backup | 0.9.93 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in Cobian Backup 0.9.93, specifically in the CobianReflectorService. Because the service's binary path is not enclosed in quotes, Windows may misinterpret the path and execute a malicious executable placed by a local attacker in a path segment before the legitimate service binary. This allows the attacker to execute arbitrary code with elevated LocalSystem privileges during service startup, effectively escalating their privileges on the system. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to run arbitrary code with LocalSystem privileges, which is the highest level of system access on Windows. This can lead to full control over the affected system, including the ability to install malware, steal sensitive data, disrupt system operations, or create persistent backdoors. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service binary path for unquoted spaces in the CobianReflectorService. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc CobianReflectorService. If the binary path contains spaces and is not enclosed in quotes, the system is vulnerable. Additionally, you can manually inspect the service path in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CobianReflectorService to verify if the path is unquoted. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should quote the service binary path in the CobianReflectorService to prevent Windows from misinterpreting the path and executing malicious code. This can be done by editing the service configuration to enclose the executable path in double quotes. Alternatively, ensure that no malicious executables exist in any of the path segments before the actual service executable. Applying the latest patches or updates from the vendor, if available, is also recommended. [1, 2]