Deepinstinct · Deep Instinct Windows Agent · CVE-2020-37047
**Name of the Vulnerable Software and Affected Versions**
Deep Instinct Windows Agent version 1.2.29.0
**Description**
The Deep Instinct Windows Agent version 1.2.29.0 has an issue with an unquoted service path in the `DeepMgmtService`. This allows local users to potentially run code with higher privileges. An attacker can exploit the unquoted path at C:Program FilesHP Sure SenseDeepMgmtService.exe to inject malicious code. This code would then run with LocalSystem permissions when the service starts.
**Recommendations**
Ensure the service path for `DeepMgmtService` is enclosed in quotes.