{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/kite-4.2.0.1-u1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2020-37247"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Kite 4.2.0.1 U1"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","unquoted service path","cve-2020-37247","windows"],"_cs_type":"threat","_cs_vendors":["Kite"],"content_html":"\u003cp\u003eKite 4.2.0.1 U1 suffers from an unquoted service path vulnerability within its KiteService Windows service. This weakness allows a local attacker with low privileges to escalate their privileges to LocalSystem. By exploiting the unquoted service path, an attacker can insert a malicious executable into a directory that is part of the service\u0026rsquo;s execution path. When the KiteService service starts, it will inadvertently execute the attacker-controlled binary with elevated privileges, granting the attacker full control over the system. This vulnerability has been assigned CVE-2020-37247.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains low-privilege access to the target Windows system.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the vulnerable KiteService service with an unquoted path.\u003c/li\u003e\n\u003cli\u003eAttacker analyzes the service path to identify directories where they can write files.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious executable, named to match an expected part of the unquoted path (e.g., \u0026ldquo;Program.exe\u0026rdquo; if the path is \u0026ldquo;C:\\Program Files\\Kite\\Program Files\\KiteService.exe\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eAttacker places the malicious executable in a directory within the service\u0026rsquo;s path (e.g., C:\\Program Files\\Kite).\u003c/li\u003e\n\u003cli\u003eAttacker triggers a restart of the KiteService service (e.g., by rebooting the machine or stopping/starting the service).\u003c/li\u003e\n\u003cli\u003eWindows attempts to execute the KiteService service. Due to the unquoted path, it first executes the attacker\u0026rsquo;s malicious executable with LocalSystem privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s executable performs privileged actions, effectively escalating the attacker\u0026rsquo;s privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this unquoted service path vulnerability allows a local attacker to escalate their privileges to LocalSystem. This grants the attacker complete control over the compromised system, allowing them to install software, modify data, and create new accounts with full administrative rights. The CVE has a CVSS v3.1 score of 7.8, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Unquoted Service Path Exploitation\u003c/code\u003e to your SIEM and tune for your environment to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply the official patch from Kite (if available) to remediate the unquoted service path vulnerability described in CVE-2020-37247.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for the execution of unexpected executables from directories within the unquoted service path, as described in the attack chain.\u003c/li\u003e\n\u003cli\u003eImplement application control policies to restrict the execution of unauthorized executables within directories commonly affected by unquoted service path vulnerabilities (e.g., C:\\Program Files, C:\\Program Files (x86)).\u003c/li\u003e\n\u003cli\u003eUse the \u003ccode\u003eGet-Service\u003c/code\u003e PowerShell cmdlet to identify services with unquoted paths in your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:19:44Z","date_published":"2026-05-16T16:19:44Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37247/","summary":"Kite 4.2.0.1 U1 contains an unquoted service path vulnerability (CVE-2020-37247) in the KiteService Windows service that allows local attackers to escalate privileges by placing a malicious executable in a directory due to the unquoted service path.","title":"Kite Unquoted Service Path Vulnerability (CVE-2020-37247)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37247/"}],"language":"en","title":"CraftedSignal Threat Feed — Kite 4.2.0.1 U1","version":"https://jsonfeed.org/version/1.1"}