Description
There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
13.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (1)
ni/ni_service_locator
< 18.0.0.49152
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026