PT-2026-2426 · Mediconta · Mediconta
Luis Martinez
·
Published
2026-01-13
·
Updated
2026-01-14
·
CVE-2023-54336
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mediconta version 3.7.27
Description
Mediconta version 3.7.27 contains an unquoted service path vulnerability within the
servermedicontservice. This allows local users to potentially execute code with elevated privileges. The vulnerability exists due to an unquoted path in C:Program Files (x86)medicont3. An attacker can exploit this by injecting malicious code that executes with LocalSystem permissions during service startup.Recommendations
Ensure the service path is properly quoted to prevent malicious code execution.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mediconta