CVE-2017-20218
Unquoted Search Path and Privilege Escalation in Serviio PRO
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| serviio | serviio_pro | to 1.8.0.0 (inc) |
| serviio | serviio_pro | 1.7.1 |
| serviio | serviio_pro | 1.7.0 |
| serviio | serviio_pro | 1.6.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2017-20218 is a local privilege escalation vulnerability in Serviio PRO 1.8 for Windows caused by an unquoted search path in the Serviio service executable path.
This flaw allows an authorized but non-privileged local user to execute arbitrary code with elevated privileges by placing malicious executables in the system root directory. Because the service path is unquoted, the system may execute these malicious binaries during service startup or system reboot.
Additionally, the Serviio installation has improper directory permissions that grant full control to the Users group over the Serviio directory and its subdirectories, including the executable file. This misconfiguration enables any authenticated user to replace the legitimate service executable with arbitrary binaries, further facilitating privilege escalation.
The service runs under the LocalSystem account, which means successful exploitation results in code execution with very high privileges.
How can this vulnerability impact me? :
This vulnerability can allow a local, authorized but non-privileged user to escalate their privileges to the highest system level (LocalSystem) on a Windows machine running Serviio PRO 1.8.
By exploiting the unquoted search path and improper directory permissions, an attacker can execute arbitrary code with elevated privileges, potentially gaining full control over the affected system.
This can lead to unauthorized actions such as installing malware, accessing sensitive data, modifying system configurations, or disrupting system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the Serviio PRO service and inspecting its executable path for unquoted spaces, as well as verifying the file system permissions on the Serviio installation directory and executable.'}, {'type': 'list_item', 'content': 'Check the service executable path for unquoted spaces, especially the path "C:\\Program Files\\Serviio\\bin\\ServiioService.exe".'}, {'type': 'list_item', 'content': "Verify the permissions on the Serviio directory and its subdirectories to see if the 'Users' group has full control."}, {'type': 'list_item', 'content': 'On Windows, use the following commands:'}, {'type': 'list_item', 'content': '1. To check the service executable path: sc qc Serviio'}, {'type': 'list_item', 'content': '2. To check permissions on the Serviio directory: icacls "C:\\Program Files\\Serviio"'}, {'type': 'list_item', 'content': '3. To list running services and confirm Serviio is running: sc query Serviio'}, {'type': 'list_item', 'content': 'Look for unquoted paths in the service configuration and full control permissions for the Users group on the Serviio directory and executable.'}] [1, 2, 4]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include correcting the unquoted service path and restricting directory permissions to prevent unauthorized modification of the executable.'}, {'type': 'list_item', 'content': 'Quote the service executable path in the service configuration to prevent unquoted search path exploitation.'}, {'type': 'list_item', 'content': "Restrict the permissions on the Serviio installation directory and its subdirectories so that the 'Users' group does not have full control."}, {'type': 'list_item', 'content': 'Ensure that only trusted administrators have write access to the ServiioService.exe executable and related files.'}, {'type': 'list_item', 'content': 'Restart the Serviio service or reboot the system after applying these changes to ensure the fixes take effect.'}, {'type': 'paragraph', 'content': 'Additionally, consider updating to a fixed version of Serviio PRO if available.'}] [1, 2, 4]