PT-2026-5577 · Deepinstinct+1 · Deep Instinct Windows Agent+1
Oscar Flores
·
Published
2026-02-01
·
Updated
2026-02-01
·
CVE-2020-37047
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Deep Instinct Windows Agent version 1.2.29.0
Description
The Deep Instinct Windows Agent version 1.2.29.0 has an issue with an unquoted service path in the
DeepMgmtService. This allows local users to potentially run code with higher privileges. An attacker can exploit the unquoted path at C:Program FilesHP Sure SenseDeepMgmtService.exe to inject malicious code. This code would then run with LocalSystem permissions when the service starts.Recommendations
Ensure the service path for
DeepMgmtService is enclosed in quotes.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Deep Instinct Windows Agent
Hp Sure Sense