CVE-2020-37251
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
RealTimes Desktop Service version 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.
Risk Assessment
This vulnerability poses a significant risk to organizations by allowing local attackers to gain full system privileges. This could lead to unauthorized access to data and potential damage to IT infrastructure.
Recommendation
It is recommended to update the RealTimes Desktop Service to the latest version to mitigate this vulnerability. Additionally, conducting an audit of service paths to identify and secure unquoted paths is advisable.
Original NVD description (English source)
RealTimes Desktop Service 18.1.4 contains an unquoted service path vulnerability in the rpdsvc.exe binary that allows local attackers to escalate privileges. Attackers can place malicious executables in unquoted path directories to execute arbitrary code with LocalSystem privileges during service startup or system reboot.

