42Gears Security and Compliance Standards
Advisory ID: 42G-2023-001
Shortened Description: Bypassing hardening via unquoted service path vulnerability
Severity (CVSSv3 Range): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Issue date: 2023-04-27
Updated on: 2023-04-28
Impacted products: Surelock Windows from 2.3.12 through 2.40.0
Affected component: SureLockWin8.exe service
Vulnerability Overview: Presence of an unquoted service path. This may allow an authorized local user to insert arbitrary code into the service.
Known Attack Vectors: A malicious actor with local system access and Read privileges may be able to insert arbitrary code into the service.
Mitigations: Upgrade to Surelock Windows v2.41.0.
Acknowledgements: 42Gears would like to thank Philips India for responsibly reporting this issue to us.
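
Audit check for the condition described under Vulnerability Overview, added here as an example and not code from 42Gears: it flags services whose registered command line is unquoted and has a space inside the executable path. The helper name Test-UnquotedServicePath and the sample command lines are constructed for illustration; only the SureLockWin8.exe file name comes from this advisory.

```powershell
# Added example (not 42Gears code). Test-UnquotedServicePath is a hypothetical helper name.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$PathName
    )

    $p = $PathName.Trim()
    # Empty or already quoted command lines are not affected.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }

    # Isolate the executable part: text up to the first ".exe" followed by
    # whitespace or end of string. Spaces in the arguments after it are harmless.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }

    # Unquoted + space inside the executable path = ambiguous service path.
    return $exe.Contains(' ')
}

# Constructed sample command lines (illustrative, not taken from the advisory).
$samples = @(
    'C:\Program Files\Example Vendor\Agent\agent.exe',
    '"C:\Program Files\Example Vendor\Agent\agent.exe" --run',
    'C:\Windows\System32\svchost.exe -k netsvcs -p',
    'C:\Tools\agent.exe --config "C:\My Data\agent.ini"'
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live host: list every service with an unquoted path containing a space.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, PathName

# Live host: show how the component named in this advisory is registered.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*SureLockWin8.exe*' } |
    Select-Object Name, State, PathName
```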