CVE-2020-37099 PUBLISHED

Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path

Assigner: VulnCheck
Reserved: 01.02.2026 Published: 03.02.2026 Updated: 03.02.2026

Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Product Status

Vendor DiskSavvy
Product Disk Savvy Enterprise
Versions
  • Version 12.3.18 is affected

Credits

  • boku finder

References

Problem Types

  • Unquoted Search Path or Element CWE