PT-2026-2426 · Mediconta · Mediconta
Luis Martinez
·
Publicado
2026-01-13
·
Atualizado
2026-01-14
·
CVE-2023-54336
CVSS v3.1
8.4
Alta
| Vetor | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mediconta version 3.7.27
Description
Mediconta version 3.7.27 contains an unquoted service path vulnerability within the
servermedicontservice. This allows local users to potentially execute code with elevated privileges. The vulnerability exists due to an unquoted path in C:Program Files (x86)medicont3. An attacker can exploit this by injecting malicious code that executes with LocalSystem permissions during service startup.Recommendations
Ensure the service path is properly quoted to prevent malicious code execution.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mediconta