CVE-2020-37037
Unknown Unknown - Not Provided

Unquoted Service Path in Avast SecureLine Enables Privilege Escalation

Vulnerability report for CVE-2020-37037, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-01

Last updated on: 2026-02-01

Assigner: VulnCheck

Description

Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-01
Last Modified
2026-02-01
Generated
2026-07-06
AI Q&A
2026-02-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
avast secureline 5.5.522.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2020-37037 is an unquoted service path vulnerability in Avast SecureLine version 5.5.522.0. This means that the service's executable path is not properly quoted, allowing local attackers to insert malicious executables into directories along the service path. When the service starts, these malicious executables can run with elevated system privileges under the LocalSystem account, potentially allowing attackers to execute arbitrary code with high-level permissions. [1, 3]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges by executing arbitrary code with LocalSystem account permissions. This means the attacker could gain full control over the affected system, compromising confidentiality, integrity, and availability of the system and its data. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the Avast SecureLine service configuration. Specifically, you can inspect the service executable path for missing quotes around directories with spaces. For example, on a Windows system, you can use the command: sc qc SecureLine to query the service configuration and check the ImagePath for unquoted paths. Additionally, you can manually verify if the service executable path "C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe" is unquoted. Detecting unquoted service paths involves looking for executable paths that contain spaces but are not enclosed in quotes, which can be exploited by placing malicious executables in those directories. [3]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the entire executable path in quotes to prevent malicious code injection. For example, update the service configuration to use a quoted path like ""C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe"". Additionally, ensure that only trusted users have local access to the system, as the vulnerability requires local access to exploit. Applying any available patches or updates from Avast for SecureLine is also recommended to address this issue. [1, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37037. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart