CVE-2023-54336 | HackTesting

Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.

Credits

Luis Martinez

References

https://www.exploit-db.com/exploits/51064

https://www.infonetsoftware.com

https://www.vulncheck.com/advisories/mediconta-servermedicontservice-unquoted-service-path