Skip to content

42Gears Security and Compliance Standards

Advisory ID: 42G-2023-001

Shortened Description: Bypassing hardening via Unquoted Service path vulnerability


Severity (CVSSv3 Range): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Issue date: 2023-04-27

Updated on: 2023-04-28

CVE(s): CVE-2023-2331

Impacted products: Surelock Windows from 2.3.12 through 2.40.0

Affected component: SureLockWin8.exe service

Vulnerability Overview: Presence of Unquoted Service Path.This may allow an authorized local user to insert arbitrary code into the service.

Known Attack Vectors: A malicious actor,local system access,with Read privileges may be able to insert arbitrary code into the service.

Mitigations: Upgrade to Surelock windows v2.41.0

Acknowledgements: 42Gears would like to thank Philips India for responsibly reporting this issue to us.