CVE-2020-37229

HIGH

OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37229. PoCs published by Julio Aviña.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in OKI sPSV Port Manager 1.0.41. It provides steps to identify the vulnerable service and explains the exploitation method, which involves inserting an executable into the service path to achieve privilege escalation.

Description

OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unquoted path. Attackers can place a malicious executable in a directory within the service path that will execute with LocalSystem privileges when the service restarts or the system reboots.

Exploits (1)

exploitdb WRITEUP

by Julio Aviña · textlocalwindows

https://www.exploit-db.com/exploits/49005

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path vulnerability in OKI sPSV Port Manager 1.0.41. It provides steps to identify the vulnerable service and explains the exploitation method, which involves inserting an executable into the service path to achieve privilege escalation.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: OKI sPSV Port Manager 1.0.41

Auth required

Prerequisites: local access to the system · ability to insert an executable into the service path

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed May 16, 2026 Full analysis →

References (4)

Core 4

Core References

Product product

Product Reference

https://www.oki.com/mx/printing/download/sPSV_010041_2_270910.exe

Exploit exploit

ExploitDB-49005

https://www.exploit-db.com/exploits/49005

Product product

Official Product Homepage

https://www.oki.com/

Third Party Advisory third-party-advisory

VulnCheck Advisory: OKI sPSV Port Manager 1.0.41 Unquoted Service Path Privilege Escalation

https://www.vulncheck.com/advisories/oki-spsv-port-manager-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 1.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Oki/OKI sPSV Port Manager 1.0.41

Published May 16, 2026

Tracked Since May 16, 2026