Compliance Impact

The vulnerability allows local attackers to escalate privileges to LocalSystem level by exploiting an unquoted service path in Hotspot Shield 6.0.3. This privilege escalation can lead to unauthorized access and control over the affected system.

Such unauthorized privilege escalation and potential full system control can compromise the confidentiality, integrity, and availability of sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict access controls and protection of personal and health information.

However, the provided context and resources do not explicitly discuss or analyze the direct impact of this vulnerability on compliance with these standards.

Useful 0 Not Useful 0

Executive Summary

CVE-2016-20060 is an unquoted service path vulnerability in Hotspot Shield version 6.0.3. The vulnerability exists because the service binary path for the Hotspot Shield service is not enclosed in quotes, and the path contains spaces.

This allows a local attacker with limited privileges to place a malicious executable in a directory along the service path. When the service restarts or the system reboots, Windows may execute the malicious executable instead of the legitimate service binary.

Since the service runs with LocalSystem privileges, the malicious code runs with elevated system-level rights, allowing the attacker to escalate their privileges on the affected machine.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges from a limited user account to full system-level control (LocalSystem privileges) on a machine running Hotspot Shield 6.0.3.

With elevated privileges, the attacker can execute arbitrary code with the highest system rights, potentially leading to full compromise of the affected system.

This can result in unauthorized access to sensitive data, modification or deletion of system files, installation of persistent malware, and disruption of system availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking the service path of the Hotspot Shield "hshld" service binary for unquoted paths containing spaces. Specifically, look for the service executable path that is not enclosed in quotes, such as: C:\Program Files\Hotspot Shield\bin\cmw_srv.exe.

On a Windows system, you can use the following command to check the service path for unquoted paths:

• sc qc hshld

If the binary path returned by this command contains spaces and is not enclosed in quotes, the system is vulnerable to this unquoted service path privilege escalation.

Additionally, you can manually inspect the service executable path in the Windows Registry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld\ImagePath to verify if the path is unquoted.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability immediately, you should correct the unquoted service path by enclosing the entire executable path in double quotes. This prevents Windows from interpreting parts of the path as separate executable locations.

Specifically, update the service binary path to be quoted, for example: "C:\Program Files\Hotspot Shield\bin\cmw_srv.exe".

This can be done by editing the service configuration using the following command with administrative privileges:

• sc config hshld binPath= ""C:\Program Files\Hotspot Shield\bin\cmw_srv.exe""

After updating the service path, restart the service or reboot the system to apply the changes.

Additionally, ensure that only trusted users have local access to the system to reduce the risk of exploitation.

Useful 0 Not Useful 0