CVE-2022-50938
Unquoted Service Path in CONTPAQi AdminPAQ Allows Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| contpaq | adminpaq | 14.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50938 is an unquoted service path weakness (CWE-428) in the AppKeyLicenseServer service installed by CONTPAQi AdminPAQ version 14.0.0. The service runs as LocalSystem, and its configured executable path contains spaces but is not enclosed in double quotes. When the Service Control Manager starts such a service, Windows resolves the path one space at a time and tries each prefix with ".exe" appended before it reaches the real binary. For a path of the form C:\Program Files (x86)\Compac\Servidor de Licencias\AppkeyLicenseServer\AppKeyLicenseServer.exe, the candidates tried first are C:\Program.exe, C:\Program Files.exe, C:\Program Files (x86)\Compac\Servidor.exe and C:\Program Files (x86)\Compac\Servidor de.exe. A local attacker who can create a file in one of those parent directories can drop an executable there, and it runs as LocalSystem the next time the service starts. Whether that is possible on a given host depends on the ACLs of the directories along the path: Program Files (x86) itself is not writable by standard users, so exploitability hinges on the permissions of the vendor's own subdirectories. [1, 2]
How can this vulnerability impact me?
A local attacker who can place an executable in one of the directories along the unquoted path gets arbitrary code execution as LocalSystem the next time the service starts, which amounts to full control of the host: the attacker can read or modify any data on the system, tamper with other services and persist across reboots, compromising confidentiality, integrity and availability. Exploitation requires local access, a writable intermediate directory, and a service start (a reboot or a service restart), so it is a privilege-escalation step for an attacker who already has a low-privileged foothold rather than a remote entry point. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The finding is identified by inspecting the service's configured binary path: an unquoted path that contains spaces is the CWE-428 condition. On Windows, run sc qc AppKeyLicenseServer_CONTPAQi and inspect BINARY_PATH_NAME; if the value contains spaces and does not start with a double quote, the service is affected. The same check in PowerShell: Get-WmiObject win32_service | Where-Object { $_.Name -eq 'AppKeyLicenseServer_CONTPAQi' } | Select-Object Name, PathName (on PowerShell 7, where Get-WmiObject no longer exists, use Get-CimInstance Win32_Service instead). Dropping the name filter audits every service on the host. An unquoted path is only exploitable if a standard user can create files in one of the parent directories the path traverses (for the example path above, C:\, C:\Program Files (x86)\Compac and C:\Program Files (x86)\Compac\Servidor de Licencias), so check the ACLs of those directories as well before rating the finding. [1, 2]
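The audit described above, as an added example that is not code from CONTPAQi, VulnCheck or this advisory: it lists every service whose binary path is unquoted and contains spaces, reconstructs the shadow executables Windows would try before the real one, and flags those whose parent directory grants create-file rights to groups every local user belongs to (Everyone, Authenticated Users, BUILTIN\Users). The ACL check is an assumption-laden heuristic (it ignores Deny entries and group nesting); confirm a hit by trying to create a file in that directory as a standard user. The service name is the one given on this page.

```powershell
# Added example, not vendor or advisory code: find unquoted service paths and
# the "shadow" executables Windows would try first, and check whether a
# low-privileged user could plant a file at one of them.

function Test-LowPrivCreateFile {
    param([Parameter(Mandatory)][string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return $false }
    try { $acl = Get-Acl -LiteralPath $Directory -ErrorAction Stop } catch { return $false }
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $lowPriv     = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this directory itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $createFiles) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }
        if ($lowPriv -contains $sid) { return $true }
    }
    return $false
}

function Get-UnquotedServicePath {
    param([string]$Name = '*')   # e.g. 'AppKeyLicenseServer_CONTPAQi'; default: every service
    Get-CimInstance -ClassName Win32_Service | Where-Object { $_.Name -like $Name } | ForEach-Object {
        $svc  = $_
        $path = $svc.PathName
        # Empty, quoted, or space-free paths are not affected by CWE-428.
        if (-not $path -or $path.StartsWith('"') -or $path -notmatch ' ') { return }
        # Separate the executable from any trailing arguments.
        if ($path -notmatch '^(?<exe>.+?\.exe)(\s|$)') { return }
        $exe = $Matches.exe
        # Each space in the unquoted executable path yields one candidate that
        # Windows tries first: the prefix up to that space with ".exe" appended.
        $i = $exe.IndexOf(' ')
        while ($i -ge 0) {
            $candidate = $exe.Substring(0, $i) + '.exe'
            [pscustomobject]@{
                Service         = $svc.Name
                RunsAs          = $svc.StartName
                PathName        = $path
                HijackPath      = $candidate
                LowPrivCanWrite = Test-LowPrivCreateFile -Directory (Split-Path -Parent $candidate)
            }
            $i = $exe.IndexOf(' ', $i + 1)
        }
    }
}

# Audit the whole host, then look at just the service named in this advisory.
Get-UnquotedServicePath | Format-Table -AutoSize
Get-UnquotedServicePath -Name 'AppKeyLicenseServer_CONTPAQi' | Format-List
```

Rows with LowPrivCanWrite set to True are the ones worth escalating; a service that runs as LocalSystem with such a row is the CVE-2022-50938 pattern. Services under %SystemRoot% are often registered unquoted too, but their directories are not writable by standard users and will show False.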
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to enclose the service's executable path in double quotes, so that Windows no longer tries the space-delimited prefixes, for example: "C:\Program Files (x86)\Compac\Servidor de Licencias\AppkeyLicenseServer\AppKeyLicenseServer.exe". The path is stored in the service's ImagePath registry value and can be changed with sc config or by editing the value directly; the Service Control Manager reads it at service start, so restart the service (or reboot) for the change to take effect. In addition, verify that standard users cannot create files in the directories along that path (C:\, C:\Program Files (x86)\Compac and so on), and apply any fix the vendor releases, since a reinstall or update of the product may re-register the service with the original unquoted path. [1, 2]
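The remediation described above, as an added example that is not vendor or advisory code: it quotes the executable portion of a service's ImagePath value while preserving any arguments and the value's registry type, supports -WhatIf for a dry run, and can restart the service so the fix applies. The service name and the example path are the ones given on this page; run it from an elevated PowerShell session.

```powershell
# Added example, not vendor or advisory code: quote the executable in a
# service's ImagePath so Windows stops probing the space-delimited prefixes.

function Repair-UnquotedServicePath {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [switch]$Restart
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $key)) { throw "Service '$ServiceName' not found" }
    $regKey = Get-Item -LiteralPath $key
    # Read the raw value: the registry provider would otherwise expand %SystemRoot%-style
    # variables and we would write the expanded form back.
    $current = $regKey.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    if (-not $current) { throw "Service '$ServiceName' has no ImagePath" }
    # Nothing to do if the path is already quoted or contains no spaces.
    if ($current.StartsWith('"') -or $current -notmatch ' ') { return $current }
    if ($current -notmatch '^(?<exe>.+?\.exe)(?<args>.*)$') {
        throw "Could not isolate the executable in: $current"
    }
    $fixed = '"' + $Matches.exe + '"' + $Matches.args
    # Keep REG_SZ / REG_EXPAND_SZ as it was.
    $kind = $regKey.GetValueKind('ImagePath')
    if ($PSCmdlet.ShouldProcess($ServiceName, "set ImagePath to $fixed")) {
        Set-ItemProperty -LiteralPath $key -Name ImagePath -Value $fixed -Type $kind
        # The SCM reads ImagePath at service start, so restart (or reboot) to apply.
        if ($Restart) { Restart-Service -Name $ServiceName -Force }
    }
    return $fixed
}

# Preview the change for the service named in this advisory, then apply it.
Repair-UnquotedServicePath -ServiceName 'AppKeyLicenseServer_CONTPAQi' -WhatIf
Repair-UnquotedServicePath -ServiceName 'AppKeyLicenseServer_CONTPAQi' -Restart

# Equivalent from an elevated cmd.exe prompt, using the path given on this page
# (the inner quotes must be escaped so they survive cmd's parsing):
#   sc config AppKeyLicenseServer_CONTPAQi binPath= "\"C:\Program Files (x86)\Compac\Servidor de Licencias\AppkeyLicenseServer\AppKeyLicenseServer.exe\""
```

After applying, re-run sc qc AppKeyLicenseServer_CONTPAQi and confirm BINARY_PATH_NAME now starts with a double quote.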