Kite · Kite · CVE-2020-37247
**Name of the Vulnerable Software and Affected Versions**
Kite version 4.2.0.1 U1
**Description**
The KiteService Windows service contains an unquoted service path issue. This occurs when a service path containing spaces is not enclosed in quotation marks, allowing a local attacker to place a malicious executable in the directory path to be executed with LocalSystem privileges upon service startup, leading to privilege escalation.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.