Deepinstinct · Deep Instinct Windows Agent · CVE-2020-36934
**Name of the Vulnerable Software and Affected Versions**
Deep Instinct Windows Agent version 1.2.24.0
**Description**
The Deep Instinct Windows Agent has an issue related to an unquoted service path in the `DeepNetworkService`. This could allow local users to potentially run code with higher privileges. An attacker could exploit the unquoted path located at C:Program FilesHP Sure SenseDeepNetworkService.exe to inject malicious code. This injected code would then run with LocalSystem permissions when the service starts.
**Recommendations**
Ensure the service path for `DeepNetworkService` is enclosed in quotes.