
Microsoft EUVD-2017-18930

CVE-2017-20218 HIGH
Unquoted Search Path or Element (CWE-428)
2026-03-15 VulnCheck
CVSS 4.0 score: 8.5

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (5 events)

CVSS changed, Apr 15, 2026 15:22 (NVD): 7.8 (HIGH) to 8.5 (HIGH)
PoC Detected, Mar 16, 2026 14:53 (vuln.today): Public exploit code
EUVD ID Assigned, Mar 15, 2026 20:00 (euvd): EUVD-2017-18930
Analysis Generated, Mar 15, 2026 20:00 (vuln.today)
CVE Published, Mar 15, 2026 18:34 (nvd): HIGH 7.8

Description (NVD)

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.

Analysis (AI)

Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions that allows local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.

Technical Context (AI)

This vulnerability combines two distinct security flaws in the Serviio PRO media server software (CPE: cpe:2.3:a:serviio:serviio_pro:*:*:*:*:*:*:*:*). The primary issue is CWE-428 (Unquoted Search Path), where the Windows service executable path lacks proper quotation marks, causing Windows to search for executables in unexpected locations. Additionally, the installation directory grants full access permissions to the Users group, allowing any authenticated user to replace legitimate binaries. Affected versions include Serviio PRO 1.6.1, 1.7.0, 1.7.1, and 1.8.0.0 PRO according to ENISA EUVD data.

Remediation (AI)

Users should upgrade to a Serviio PRO version newer than 1.8.0.0 if available. Immediate workarounds:
(1) Manually quote the service path in the Windows registry under HKLM\SYSTEM\CurrentControlSet\Services\Serviio.
(2) Restrict directory permissions on the Serviio installation folder to remove write access for non-administrative users.
(3) Monitor for unauthorized modifications to files in the Serviio directory.
Vendor advisory available at https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5405.php.
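Workarounds (1) and (2) can be audited and the first one applied with the following PowerShell, an added example that is not from vuln.today, the ZSL advisory, or Serviio. It assumes an elevated prompt on the affected host and that the service key is named Serviio as stated above; the function names Get-UnquotedServicePath and Repair-ServiceImagePath are hypothetical, and the audit generalizes to every service on the host rather than only Serviio.

```powershell
# Added example (not from vuln.today, the ZSL advisory, or Serviio): find services whose
# unquoted executable path contains a space (CWE-428) and report broad-group write access.

function Get-UnquotedServicePath {
    # Standard Write bits plus GENERIC_WRITE and GENERIC_ALL as they appear in raw ACEs.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor 0x40000000 -bor 0x10000000
    $broadGroups = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        # Skip empty or already quoted paths, and paths with no space before the .exe.
        if ([string]::IsNullOrWhiteSpace($path) -or $path.TrimStart().StartsWith('"')) { continue }
        if ($path -notmatch '^(?<exe>.*?\.exe)') { continue }
        $exe = $Matches.exe
        if ($exe -notmatch '\s') { continue }
        # Workaround (2) check: Allow ACEs granting write rights to broad groups on the directory.
        $dir = Split-Path -Parent $exe
        $acl = Get-Acl -Path $dir -ErrorAction SilentlyContinue
        $writable = [System.Collections.Generic.List[string]]::new()
        foreach ($ace in @(if ($acl) { $acl.Access })) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadGroups -contains $ace.IdentityReference.Value -and
                (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
                $writable.Add($ace.IdentityReference.Value)
            }
        }
        [pscustomobject]@{
            Service    = $svc.Name
            ImagePath  = $path
            Directory  = $dir
            WritableBy = ($writable | Sort-Object -Unique) -join ', '
        }
    }
}

function Repair-ServiceImagePath {
    # Workaround (1): wrap the executable portion of ImagePath in quotes; -WhatIf previews the change.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)   # e.g. 'Serviio', the service key named on the page
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $path = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
    if ($path.TrimStart().StartsWith('"') -or $path -notmatch '^(?<exe>.*?\.exe)(?<rest>.*)$') { return }
    $fixed = '"{0}"{1}' -f $Matches.exe, $Matches.rest
    if ($PSCmdlet.ShouldProcess($Name, "Set ImagePath to $fixed")) {
        Set-ItemProperty -Path $key -Name ImagePath -Value $fixed -Type ExpandString
    }
}

Get-UnquotedServicePath | Format-Table -AutoSize
```

Any row with a non-empty WritableBy column combines both flaws described above; run `Repair-ServiceImagePath -Name Serviio -WhatIf` to preview the registry fix before applying it and restarting the service.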


EUVD-2017-18930 vulnerability details – vuln.today
