CVE-2020-37098
Unquoted Service Path in Disk Sorter Enterprise Enables Privilege Escalation
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| disk_sorter | disk_sorter_enterprise | to 12.4.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local attackers to execute arbitrary code with elevated system privileges, potentially leading to full system compromise.
Such a compromise could result in unauthorized access, modification, or destruction of sensitive data, which may impact compliance with data protection standards and regulations like GDPR and HIPAA that require safeguarding data confidentiality, integrity, and availability.
However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2020-37098 is an unquoted service path vulnerability found in Disk Sorter Enterprise version 12.4.16 and earlier. This flaw occurs because the service executable path is not enclosed in quotes, allowing local attackers to place malicious executables in a location that the system searches before the legitimate service executable.
When the service starts, it may execute the malicious executable with elevated system privileges, specifically with LocalSystem permissions, which grants full control over the affected system.
How can this vulnerability impact me? :
Exploitation of this vulnerability allows a local attacker to execute arbitrary code with elevated privileges on the affected system.
- Attackers can gain LocalSystem level access, which is the highest privilege level on Windows systems.
- This can lead to full system compromise, including unauthorized access, modification, or destruction of data.
- Malicious code can be injected and executed automatically when the vulnerable service starts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking the service configuration for unquoted service paths. Specifically, you need to verify if the executable path of the Disk Sorter Enterprise service is not enclosed in quotes.'}, {'type': 'list_item', 'content': 'Use the command `wmic service get name, pathname, startmode` to list services along with their executable paths and start modes.'}, {'type': 'list_item', 'content': 'Use the command `sc qc "Disk Sorter Enterprise"` to query the configuration of the Disk Sorter Enterprise service and check if the executable path is unquoted.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service configuration to enclose the executable path in quotes. This prevents attackers from injecting malicious executables in the service path.
Additionally, ensure that only trusted users have local access to the system, as exploitation requires local access.
If possible, update Disk Sorter Enterprise to a version where this vulnerability is fixed or apply any vendor-provided patches.