CVE-2022-23909

HIGH

Sherpa Connector Service <2020.2.20328.2050 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-23909. PoCs published by Manthan Chhabra, netsectuna.

AI-analyzed exploit summary This is a writeup detailing the discovery of an unquoted service path vulnerability in Sherpa Connector Service. It includes commands to identify the vulnerability but does not contain executable exploit code.

Description

There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.

Exploits (2)

exploitdb WRITEUP

by Manthan Chhabra · textlocalwindows

https://www.exploit-db.com/exploits/50852

View Code ZIP pw:eip

This is a writeup detailing the discovery of an unquoted service path vulnerability in Sherpa Connector Service. It includes commands to identify the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Sherpa Connector Service v2020.2.20328.2050

Auth required

Prerequisites: Local access to the target system · Ability to execute commands with sufficient privileges

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 3 stars

by netsectuna · poc

https://github.com/netsectuna/CVE-2022-23909

View Code ZIP pw:eip

This repository documents an unquoted service path vulnerability in Sherpa Connector Service 2020.2.20328.2050 on Windows, allowing local privilege escalation to LocalSystem if a low-privileged user can write to specific directories.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Sherpa Connector Service 2020.2.20328.2050

Auth required

Prerequisites: Local access · Write permissions to 'Sherpa Software' or 'Sherpa Connector' directories · Administrative privileges for initial discovery

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166574/Sherpa-Connector-Service-2020.2.20328.2050-Unquoted-Service-Path.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/netsectuna/CVE-2022-23909

Scores

CVSS v3 7.8

EPSS 0.0103

EPSS Percentile 59.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

gimmal/sherpa_connector_service 2020.2.20328.2050

Published Apr 05, 2022

Tracked Since Feb 18, 2026