Executive Summary

This vulnerability is an unquoted service path issue in TFTP Turbo version 4.6.1273 on Windows. The service executable path contains spaces but is not enclosed in quotes, which allows a local attacker to place a malicious executable in a path that Windows misinterprets. When the service starts, it may execute the malicious code with elevated LocalSystem privileges, leading to arbitrary code execution. [1]

Useful 0 Not Useful 0

Impact Analysis

An attacker with local access can exploit this vulnerability to execute arbitrary code with LocalSystem privileges, which is the highest level of privilege on a Windows system. This can lead to full system compromise, unauthorized access, and control over the affected machine. [1]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the service path for unquoted spaces in the TFTP Turbo 4 service configuration. For example, use the command `sc qc "TFTP Turbo 4"` on Windows to query the service configuration and inspect the BINARY_PATH_NAME. If the path contains spaces and is not enclosed in quotes (e.g., C:\Program Files\TFTP Turbo 4\tftpt.exe), the service is vulnerable to this unquoted service path issue. [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update the service path to be properly quoted in the service configuration to prevent Windows from misinterpreting the path. Alternatively, move the executable to a path without spaces or apply the latest patches or updates from the vendor if available. Also, restrict local user permissions to prevent unauthorized code execution and consider disabling or stopping the service if it is not required. [1]

Useful 0 Not Useful 0