Vulnerability Details CVE-2022-23909
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/166574/Sherpa-Connector-Service-2020.2.20328.2050-Unquoted-Service-Path.html
- https://github.com/netsectuna/CVE-2022-23909
- http://packetstormsecurity.com/files/166574/Sherpa-Connector-Service-2020.2.20328.2050-Unquoted-Service-Path.html
- https://github.com/netsectuna/CVE-2022-23909
Products affected by CVE-2022-23909
-
cpe:2.3:a:gimmal:sherpa_connector_service:2020.2.20328.2050
-
cpe:2.3:o:microsoft:windows:-