CVE-2020-37037
Unquoted Service Path in Avast SecureLine Enables Privilege Escalation

Publication date: 2026-02-01

Last updated on: 2026-02-01

Assigner: VulnCheck

Description
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account permissions during service startup.
Meta Information
Published: 2026-02-01
Last Modified: 2026-02-01
Generated: 2026-06-16
AI Q&A: 2026-02-01
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: avast
Product: secureline
Version / Range: 5.5.522.0
CWE
CWE ID: CWE-428
Description: The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Executive Summary

CVE-2020-37037 is an unquoted service path vulnerability in Avast SecureLine version 5.5.522.0. The service's executable path contains spaces and is not enclosed in quotes, which allows local attackers to insert malicious executables into directories along the service path. When the service starts, these executables can run under the LocalSystem account, giving the attacker arbitrary code execution with elevated system privileges. [1, 3]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges by executing arbitrary code with LocalSystem account permissions. This means the attacker could gain full control over the affected system, compromising confidentiality, integrity, and availability of the system and its data. [1, 3]

Detection Guidance

This vulnerability can be detected by checking the Avast SecureLine service configuration for an unquoted service path, that is, an executable path that contains spaces but is not enclosed in quotes. On a Windows system, run sc qc SecureLine to query the service configuration and inspect the BINARY_PATH_NAME field, which reflects the service's ImagePath. If it shows C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe without surrounding quotes, the service is affected. Paths of this kind can be exploited by placing malicious executables in directories along the path. [3]
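
The check described above, as an added PowerShell example (not code from the advisory or from Avast): the function name Test-UnquotedServicePath is hypothetical, and the svchost and driver sample values are constructed for illustration. It treats everything after the first ".exe" as arguments, so a space that appears only in the arguments is not flagged.

```powershell
# Added example: flag service ImagePath values that are unquoted and contain
# whitespace in the executable portion (CWE-428).
function Test-UnquotedServicePath {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$ImagePath
    )

    $path = $ImagePath.Trim()
    # Empty values and paths that begin with a quote are not ambiguous.
    if ($path -eq '' -or $path.StartsWith('"')) { return $false }

    # Everything up to the first ".exe" that is followed by whitespace or the
    # end of the string is the executable; the rest is arguments.
    $m = [regex]::Match($path, '^(?<exe>.*?\.exe)(?=\s|$)', 'IgnoreCase')
    # If no ".exe" is found, judge the whole string (errs toward flagging).
    $exe = if ($m.Success) { $m.Groups['exe'].Value } else { $path }

    return ($exe -match '\s')
}

# Sample ImagePath values. The SecureLine path is the one quoted in this
# advisory; the svchost and driver entries are constructed for illustration.
$samples = [ordered]@{
    'SecureLine, unquoted' = 'C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe'
    'SecureLine, quoted'   = '"C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe"'
    'svchost with args'    = 'C:\Windows\system32\svchost.exe -k netsvcs'
    'kernel driver'        = '\SystemRoot\System32\drivers\example.sys'
}

foreach ($name in $samples.Keys) {
    [pscustomobject]@{
        Sample    = $name
        Flagged   = Test-UnquotedServicePath -ImagePath $samples[$name]
        ImagePath = $samples[$name]
    }
}

# On a live Windows host, the same test over every installed service:
# Get-CimInstance Win32_Service |
#     Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
#     Select-Object Name, StartName, PathName
```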

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the entire executable path in quotes to prevent malicious code injection. For example, update the service configuration to use a quoted path like "C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe". Additionally, ensure that only trusted users have local access to the system, as the vulnerability requires local access to exploit. Applying any available patches or updates from Avast for SecureLine is also recommended to address this issue. [1, 3]
