CVE-2019-25310
Unquoted Service Path in ActiveFax Server Enables Privilege Escalation
Publication date: 2026-02-11
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| actfax | activefax | 6.92 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability exists in ActiveFax Server 6.92 Build 0316 and is an unquoted service path issue in the ActiveFaxServiceNT service. Because the service's binary path is not enclosed in quotes, Windows may misinterpret the path and allow a local attacker to place a malicious executable in a location that gets executed instead of the intended program."}, {'type': 'paragraph', 'content': 'This means that an attacker with local access can exploit this misconfiguration to execute arbitrary code with elevated administrative privileges.'}] [1]
How can this vulnerability impact me? :
The vulnerability allows local attackers to escalate their privileges by executing arbitrary code with administrative rights. This can lead to full control over the affected system, enabling attackers to install malware, steal sensitive data, or disrupt system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service path of the ActiveFaxServiceNT service for unquoted paths on Windows systems.
- Use the command: sc qc ActiveFaxServiceNT
- Look for the BINARY_PATH_NAME output and verify if the path is unquoted, for example: C:\Program Files\ActiveFax\Server\ActSrvNT.exe without surrounding quotes.
An unquoted service path indicates the presence of this vulnerability, as it allows local attackers to place malicious executables in path segments that Windows may execute with elevated privileges.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediately update the service path to include quotes around the executable path to prevent path parsing issues.'}, {'type': 'list_item', 'content': 'Modify the service configuration to quote the binary path, for example: "C:\\Program Files\\ActiveFax\\Server\\ActSrvNT.exe"'}, {'type': 'list_item', 'content': 'If possible, update or patch ActiveFax Server to a version where this vulnerability is fixed.'}, {'type': 'list_item', 'content': 'Restrict local user permissions to prevent unauthorized users from placing executables in directories referenced by the service path.'}, {'type': 'paragraph', 'content': 'These steps help prevent local attackers from exploiting the unquoted service path to execute arbitrary code with elevated privileges.'}] [1]