Executive Summary

CVE-2020-37061 is an unquoted service path vulnerability in BOOTP Turbo version 2.0.1214. This flaw allows local attackers to execute arbitrary code with elevated system privileges by exploiting the unquoted executable path of the BOOTP Turbo service. Because the service runs with LocalSystem permissions, malicious code injected into the unquoted path can be executed when the service starts, potentially leading to full system compromise. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges and execute arbitrary code with SYSTEM-level permissions on the affected machine. This means the attacker could gain full control over the system, potentially leading to data theft, system manipulation, or disruption of services. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking the service executable path for BOOTP Turbo 2.0.1214 on Windows systems to see if it is unquoted. Specifically, verify if the service path "C:\Program Files\BOOTP Turbo\bootpt.exe" is missing quotation marks. On a Windows system, you can use the command: sc qc "BOOTP Turbo" to query the service configuration and inspect the BINARY_PATH_NAME for unquoted paths. If the path is unquoted, the system is vulnerable to this issue. [2]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, enclose the service executable path in quotation marks to prevent path parsing issues. For example, update the service path to ""C:\Program Files\BOOTP Turbo\bootpt.exe"". Additionally, restrict local user permissions to prevent unauthorized users from placing malicious executables in the service path directories. Restart the service after making these changes to ensure the fix takes effect. [1, 2]

Useful 0 Not Useful 0