CVE-2020-36989

Name of the Vulnerable Software and Affected Versions ForensiT AppX Management Service version 2.2.0.4

Description The ForensiT AppX Management Service contains an unquoted service path issue. This allows local users to potentially run arbitrary code with elevated system privileges. An attacker can exploit the unquoted path in the service configuration to inject malicious code. This code would then execute with LocalSystem account permissions when the service starts.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, modify the service configuration to use quoted paths.