CVE-2022-23909

Published: 05/04/2022 | Updated: 12/04/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.

Vulnerable Product

gimmal sherpa_connector_service 2020.2.20328.2050

Exploits

Sherpa Connector Service version 20202203282050 suffers from an unquoted service path vulnerability ...

Github Repositories

Unquoted Service Path privilege escalation vulnerability in Sherpa Connector Service.

CVE-2022-23909 Description: On Windows, the Sherpa Connector Service version 20202203282050 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. In case of a poorly configured system, where a low privileged user could write to the "Sherpa Software"