CVE-2017-20218

HIGH

Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20218. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The writeup details a local privilege escalation vulnerability in Serviio PRO 1.8 caused by an unquoted search path and improper permissions, allowing authenticated users to execute arbitrary code with elevated privileges.

Description

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · text · local · windows
https://www.exploit-db.com/exploits/41959

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Serviio PRO 1.8.0.0
Auth required
Prerequisites: local user access · ability to insert code in system root path
devstral-2 · analyzed Mar 16, 2026

References (7)

Core References
Third Party Advisory: Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php
Third Party Advisory: SecuriTeam Blogs
https://blogs.securiteam.com/index.php/archives/3094
Exploit: Exploit-DB
https://www.exploit-db.com/exploits/41959/
Exploit: Packet Storm Security
https://packetstormsecurity.com/files/142384
Third Party Advisory: CXSecurity
https://cxsecurity.com/issue/WLB-2017050019
VDB Entry: IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/125644
Third Party Advisory: VulnCheck Advisory: Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path
https://www.vulncheck.com/advisories/serviio-pro-local-privilege-escalation-via-unquoted-path

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (4)
Serviio/Serviio PRO 1.6.1
Serviio/Serviio PRO 1.7.0
Serviio/Serviio PRO 1.7.1
Serviio/Serviio PRO 1.8.0.0 PRO
Published Mar 16, 2026
Tracked Since Mar 16, 2026