CVE-2017-20218

EUVD-2017-18930 | HIGH | CVSS 3.1: 7.8 | 2026-03-15 VulnCheck

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Mar 16, 2026 14:53 (vuln.today): PoC Detected - public exploit code
Mar 15, 2026 20:00 (vuln.today): Analysis Generated
Mar 15, 2026 20:00 (euvd): EUVD ID Assigned - EUVD-2017-18930
Mar 15, 2026 18:34 (nvd): CVE Published - HIGH 7.8

Description

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

Analysis

Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions; together these allow local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.

Technical Context

This vulnerability combines two distinct security flaws in the Serviio PRO media server software (CPE: cpe:2.3:a:serviio:serviio_pro:*:*:*:*:*:*:*:*). The primary issue is CWE-428 (Unquoted Search Path), where the Windows service executable path lacks proper quotation marks, causing Windows to search for executables in unexpected locations. Additionally, the installation directory grants full access permissions to the Users group, allowing any authenticated user to replace legitimate binaries. Affected versions include Serviio PRO 1.6.1, 1.7.0, 1.7.1, and 1.8.0.0 PRO according to ENISA EUVD data.

Affected Products

Serviio PRO versions 1.6.1, 1.7.0, 1.7.1, and 1.8.0.0 PRO on Windows platforms. The vulnerability specifically affects the Windows service installation where the executable path is unquoted and directory permissions allow write access to the Users group. Linux installations are not affected as this is a Windows service-specific issue.

Remediation

Users should upgrade to Serviio PRO version newer than 1.8.0.0 if available. As immediate workarounds: (1) Manually quote the service path in the Windows registry under HKLM\SYSTEM\CurrentControlSet\Services\Serviio, (2) Restrict directory permissions on the Serviio installation folder to remove write access for non-administrative users, (3) Monitor for unauthorized modifications to files in the Serviio directory. Vendor advisory available at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php.
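An added audit script for the first two workarounds above (example code, not from vuln.today, Serviio or the advisory). It assumes the service is registered under the HKLM\SYSTEM\CurrentControlSet\Services\Serviio key named above, reads the install directory from that key's ImagePath value rather than hard-coding it, and reports whether the path is quoted and whether BUILTIN\Users holds write rights on the folder; the optional -Fix switch quotes the path in place and must be run from an elevated shell.

```powershell
function Test-ServiioServiceHardening {
    param(
        [string]$ServiceName = 'Serviio',  # assumed: key name from the advisory's registry path
        [switch]$Fix                       # quote ImagePath in place; needs an elevated shell
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path $key)) { Write-Warning "Service key $key not found"; return }
    $imagePath = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath

    # Condition 1 (CWE-428): ImagePath contains whitespace but is not wrapped in quotes.
    $unquoted = ($imagePath -notmatch '^\s*"') -and ($imagePath -match '\s')
    [pscustomobject]@{ Check = 'ImagePath is quoted'; Pass = -not $unquoted; Detail = $imagePath }

    # Locate the executable: strip quotes if present, otherwise cut at the first ".exe".
    if ($imagePath -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($imagePath -match '^(.+?\.exe)') { $exe = $Matches[1] }
    else { $exe = $imagePath.Trim() }
    $dir = Split-Path -Path $exe -Parent

    # Condition 2: an Allow ACE granting BUILTIN\Users Write, Modify or FullControl on the
    # install directory lets any authenticated user replace the service binary.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    $usersWrite = (Get-Acl -Path $dir).Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band [int]$writeMask) -ne 0)
    }
    [pscustomobject]@{ Check = 'Users cannot write to install dir'; Pass = -not $usersWrite; Detail = $dir }

    if ($Fix -and $unquoted) {
        # Re-write ImagePath with the executable quoted, keeping any trailing arguments.
        $trailing = $imagePath.Substring($exe.Length)
        Set-ItemProperty -Path $key -Name ImagePath -Value ('"{0}"{1}' -f $exe, $trailing)
        Write-Output 'ImagePath quoted; the change applies at the next service start'
    }
}

Test-ServiioServiceHardening | Format-Table -AutoSize
```

A failing second check is fixed outside the script by removing the Users write ACE on the install folder (icacls or the folder's Security tab), which the script only reports.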

Priority Score

59 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +39
POC: +20
