CVE-2020-37021

Name of the Vulnerable Software and Affected Versions 10-Strike Bandwidth Monitor version 3.9

Description The software contains an unquoted service path vulnerability in multiple services. This allows local attackers to escalate privileges by placing a malicious executable in specific file path locations, achieving privilege escalation to SYSTEM during service startup.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, carefully monitor file system changes in the service path locations for unexpected or unauthorized executables.