{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2017-20218", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-15T17:44:18.599Z", "datePublished": "2026-03-15T18:34:25.800Z", "dateUpdated": "2026-03-16T14:20:17.881Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-15T18:34:25.800Z" }, "datePublic": "2017-05-03T00:00:00.000Z", "title": "Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path", "descriptions": [ { "lang": "en", "value": "Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot." } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Unquoted Search Path or Element", "cweId": "CWE-428", "type": "CWE" } ] } ], "affected": [ { "vendor": "Serviio", "product": "Serviio PRO", "versions": [ { "version": "1.8.0.0 PRO", "status": "affected" }, { "version": "1.7.1", "status": "affected" }, { "version": "1.7.0", "status": "affected" }, { "version": "1.6.1", "status": "affected" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS" }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "references": [ { "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php", "name": "Zero Science Lab Disclosure", "tags": [ "third-party-advisory" ] }, { "url": "https://blogs.securiteam.com/index.php/archives/3094", "name": "SecuriTeam Blogs", "tags": [ "third-party-advisory" ] }, { "url": "https://www.exploit-db.com/exploits/41959/", "name": "Exploit-DB", "tags": [ "exploit" ] }, { "url": "https://packetstormsecurity.com/files/142384", "name": "Packet Storm Security", "tags": [ "exploit" ] }, { "url": "https://cxsecurity.com/issue/WLB-2017050019", "name": "CXSecurity", "tags": [ "third-party-advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125644", "name": "IBM X-Force Exchange", "tags": [ "vdb-entry" ] }, { "name": "VulnCheck Advisory: Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path", "tags": [ "third-party-advisory" ], "url": "https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path" } ], "credits": [ { "lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder" } ], "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2017-20218", "role": "CISA Coordinator", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "version": "2.0.3", "timestamp": "2026-03-16T14:11:16.737290Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:20:17.881Z" } } ] } }