CVE-2023-53984
Unquoted Service Path in Clevo HotKey Clipboard Enables Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| clevo | hotkey_clipboard | 2.1.0.6 |
| clevo | control_center | 3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53984 is a local privilege escalation vulnerability in Clevo HotKey Clipboard version 2.1.0.6 caused by an unquoted service path in the HKClipSvc Windows service. Because the service path contains spaces but is not enclosed in quotes, a local non-privileged user can place a malicious executable in certain locations that the system will execute with system-level privileges when starting the service. This allows the attacker to run arbitrary code with system privileges. [1, 3]
How can this vulnerability impact me? :
This vulnerability allows a local attacker with limited privileges to escalate their privileges to system level by executing arbitrary code. This can lead to full control over the affected system, compromising confidentiality, integrity, and availability of data and system resources. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service path of the HKClipSvc Windows service for unquoted paths containing spaces. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc HKClipSvc. If the path to the executable is unquoted and contains spaces (e.g., C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe without quotes), the system is vulnerable. Additionally, you can use PowerShell to query the service path and inspect it for unquoted spaces. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the service path by adding quotes around the executable path in the HKClipSvc service configuration to prevent execution of malicious executables. Alternatively, you can temporarily disable the HKClipSvc service to prevent exploitation until a patched version is available. Ensuring that local users do not have write permissions to directories in the service path can also reduce risk. [1, 3]